This article is from the source 'guardian' and was first published or seen
on .
It last changed over 40 days ago and won't be checked again for changes.
Max Schrems Facebook privacy complaint to be investigated in Ireland
Max Schrems Facebook privacy complaint to be investigated in Ireland
(35 minutes later)
The privacy campaigner who successfully challenged a treaty which allowed the data of millions of European citizens to be transferred to the US has warned he may take more cases.
Facebook’s European privacy practices are to be investigated by the Irish data protection watchdog, after a three-year legal fight by Austrian privacy campaigner Max Schrems.
Max Schrems is to have his groundbreaking complaint over the alleged movement of personal information by Facebook investigated by Ireland’s online watchdog after a near three-year fight.
The high court in Dublin quashed the Irish data protection commissioner’s original refusal to examine Schrems’ complaint over the alleged movement of his data outside of Europe by Facebook after referring the case to the European court of justice.
And as the high court in Dublin cleared the way for the audit, the Austrian law student said he was considering other challenges to tech giants involved in cloud services.
Judge Gerard Hogan said the initial decision by the watchdog had been premised on the validity of the safe harbour agreement, which was recently declared invalid by the ECJ after another, separate two-year case by Schrems against Facebook.
“There are certain companies where we know they are involved in mass surveillance because of the Snowden leaks, and I think that’s the companies you should take a look at,” Schrems said.
“The commissioner is obliged now to investigate the complaint … and I’ve absolutely no doubt that she will proceed to do so,” Hogan said, while awarding Schrems costs for his legal bill and travel expenses.
His long-running legal battle over the Safe Harbour treaty was sparked by Edward Snowden’s revelations over the NSA Prism surveillance system, which allowed spies to access enormous amounts of data from global tech companies.
Ireland’s data protection commissioner Helen Dixon welcomed the ruling and said: “My office will now proceed to investigate the substance of the complaint with all due diligence.”
It culminated in the European court of justice ruling earlier this month that the agreement was invalid and did not give citizens adequate protection, sparking chaos in diplomatic channels in Washington and Brussels.
The law is clear so theoretically you could make a decision within weeks
Talks have been going on for two years over a replacement treaty.
Schrems, who has been critical of the Irish who govern Facebook’s operations within Europe, said: “The big question is going to be if the Irish Data Protection Commissioner is going to do its job.
There have also been claims in business and e-commerce circles that the end of “safe harbour” will cause massive disruption for businesses trading across the Atlantic.
“The law is clear and the facts are rather clear so theoretically you could make a decision within weeks.
Ireland’s Data Protection Commission oversees the practices of Facebook Ireland, which every user outside of the US and Canada legally deals with, but the watchdog turned down Schrems’s claims for an inquiry into how it handled his personal data.
The latest hurdle blocking the inquiry was cleared in the High Court in Dublin after it quashed the commissioner’s original refusal to examine the complaint after referring the case to the ECJ.
Judge Gerard Hogan said the initial decision by the watchdog had been premised on the validity of the Safe Harbour agreement.
“The commissioner is obliged now to investigate the complaint ... and I’ve absolutely no doubt that she will proceed to do so,” he said.
Judge Hogan said Schrems’s landmark challenge over data transfer was possibly the most important ruling of the ECJ in years and that it “transcended international law”.
The campaigner said watchdogs in 28 European states will now be able to accept complaints about the movement of personal information.
Schrems added: “It’s a procedure you start but you get into it step by step, you didn’t plan it to be this big thing but you think, there is actually the problem, and you poke and see what’s happening and it’s good if things get poked up all the way and solved in the end.”
Facebook reiterated it does not give the US government direct access to its servers.
“We will respond to inquiries from the Irish Data Protection Commission as they examine the protections for the transfer of personal data under applicable law,” a spokesman for the social media giant said.
Facebook also insists it does not recognise Prism and that it adopts rigorous processes when governments seek data.
Ireland’s Data Protection Commissioner Helen Dixon said: “I welcome today’s ruling from Judge Hogan which brings these proceedings to a conclusion. My office will now proceed to investigate the substance of the complaint with all due diligence.”
Schrems said he was happy with the outcome.
“The big question is going to be if the Irish Data Protection Commissioner is going to do its job,” he said.
“They pledged that they will really investigate things swiftly. My last experience was that a complaint takes up to three years and nothing comes out of it but they now pledge the opposite and I hope that’s going to be the case.”
“They pledged that they will really investigate things swiftly. My last experience was that a complaint takes up to three years and nothing comes out of it but they now pledge the opposite and I hope that’s going to be the case.”
Schrems warned it would be very hard for European and US authorities to create a new version of safe harbour based on the ECJ ruling.
Facebook reiterated that it does not give the US government direct access to its servers and it does not recognise the NSA’s Prism surveillance programme.
“I think for the US on the one hand they would have to turn down their surveillance state and the only thing they would get is a little easier access to the European market,” he said.
A Facebook spokesperson said: “We will respond to inquiries from the Irish Data Protection Commission as they examine the protections for the transfer of personal data under applicable law.”
“I doubt it is going to be possible to get a second Safe Harbour that also withstands another challenge at the ECJ … the court has been very clear a new Safe Harbour would have to give you the same rights as you have in Europe. That’s going to be hard to get a deal on.”
Safe harbour no more
Schrems has also been awarded costs for his legal bill and travel expenses.
The news comes after the invalidation of the 15-year-old safe harbour agreement, which deemed European citizens’ data transferred between the EU and US as being adequately protected, allowing US companies to self certify their data protection practices.
During the court hearing, judge Hogan was told relations between Schrems and the data watchdog were strained.
The Snowden revelations over the NSA’s surveillance practices triggered unrest in Europe and provoked the Schrems’ landmark challenge, which led to what Hogan described as the most important ruling of the ECJ in years that “transcended international law”.
Noel Travers, senior counsel for Schrems, said: “The investigation should be conducted with all due speed.
Schrems said: “It’s a procedure you start but you get into it step by step, you didn’t plan it to be this big thing but you think, there is actually the problem, and you poke and see what’s happening and it’s good if things get poked up all the way and solved in the end.”
“The transfers of data are still going on two-and-a-half years later.”
The campaigner said watchdogs in 28 European states will now be able to accept complaints about the movement of personal information and that he was considering other challenges to tech giants involved in cloud services.
The barrister warned of the risk that the audit would postpone indefinitely and added: “The level of trust between the Data Protection Commission and their client is not very high.”
“There are certain companies where we know they are involved in mass surveillance because of the Snowden leaks, and I think those are the companies you should take a look at,” Schrems said.
Schrems warned it would be very hard for European and US authorities to create a version of safe harbour based on the ECJ ruling that would withstand another challenge at the ECJ.
“The court has been very clear a new safe harbour would have to give you the same rights as you have in Europe. That’s going to be hard to get a deal on,” he said.
