US privacy group informs Irish High Court on adequacy of US law in protecting EU citizens’ data

The Irish High Court recently heard from US non-governmental organisation EPIC (Electronic Privacy Information Center) in the case of Data Protection Commissioner v. Facebook & Max Schrems, on privacy protection for transatlantic data transfers.

EPIC and a number of other parties were permitted to join the case as amici curiae, or “friends of the court”. Such amici can provide expertise and perspectives to assist the court in its deliberations. The US government is also appearing as an amicus in the case. FLAC represented EPIC in the case.

EPIC provided expert evidence on whether personal data transferred by Facebook Ireland to Facebook US receives adequate legal protection. As an amicus curiae, EPIC provided the High Court with a comprehensive assessment of the strengths and weaknesses of the US legal system as to how it protects the personal data of people resident in the EU, including Ireland, a perspective that might not otherwise have been available to the court.

Submissions for EPIC focused on concerns around:

  • Privacy protection for foreign communications and other personal data under U.S. surveillance law;
  • Legal redress available to E.U. citizens who wish to challenge U.S. government surveillance and the interception of personal data.

It discussed a variety of mechanisms used by the US Government to access personal data transferred to the US, including Executive Orders.

EPIC addressed the inadequacy of privacy safeguards for EU citizens, stating that US privacy protections are limited in scope; that personal data and communications of non-U.S. persons are excluded from important U.S privacy safeguards; and that many privacy rules are subject to Executive Branch modification or repeal.

It also examined the lack of effective redress for EU citizens. EPIC said that US law does not provide EU citizens with effective redress for violations of their Charter rights arising from authorised surveillance. It believes remedies that permit challenges to unauthorized surveillance are effectively untenable, and that EU Citizens’ Data Protection rights of access and correction are strictly limited under the Judicial Redress Act and are subject to discretionary policies that are revocable by the Executive. Finally, EPIC said overarching barriers to redress are likely to preclude EU citizens’ legal claims involving US surveillance.

This is one of the first times an NGO such as EPIC has been granted leave to appear as an amicus curiae in an Irish court. EPIC’s legal counsel Alan Butler travelled from the US to Ireland for the case.



Sustaining Partners