Last week, the Commercial Division of the High Court began hearing a case that could have an enormous impact on the privacy rights of hundreds of millions of Irish and EU citizens, involving the routine business transfer of personal data from Ireland to the US.
In the case, the Data Protection Commissioner has sought to refer to the Court of Justice of the European Union (CJEU) the question of whether certain contracts protect the privacy rights of EU citizens when their personal data is transferred outside Europe. The Commissioner is suing two parties in the case: Facebook Ireland, and Austrian privacy campaigner and lawyer Max Schrems. Proceedings started 7 February and are expected to last three weeks.
The US government and a number of business and privacy groups have been permitted to join the case as amici curiae, or “friends of the court”. Such amici can provide expertise and perspectives to assist the court in its deliberations.
The Electronic Privacy Information Center (EPIC) has been appointed as an amicus on the basis that it could offer a counterbalancing perspective from the US on the position in that jurisdiction, and would bring to bear an expertise which might not otherwise be available to the court.
The Data Protection Commissioner wants the High Court to refer to the CJEU for determination a number of issues concerning the validity of certain data transfer channels. These are known as ‘standard contractual clauses’ and have been approved by various European Commission decisions.
The clauses were designed to allow businesses to transfer the personal data of EU citizens to countries outside the European Economic Area while ensuring the citizens enjoyed equivalent privacy rights to those they have in the EU.
The Data Protection Commissioner’s office brought the proceedings after making a draft decision that Mr Schrem's complaint - as regards whether the channels breached the data privacy rights of EU citizens - was well founded.
Mr Schrems had made an earlier complaint to the Commissioner on how Facebook was handling his personal data when it transferred such data to the US. His concern stemmed from Edward Snowden’s disclosures around US government surveillance of private data. Mr Schrem’s complaint ended up at the EU Court of Justice, which struck down one of the main agreements on EU-US data transfer, known as ‘Safe Harbour’.
The present case is about the fundamental rights and freedoms of individuals in Europe, in particular the right to privacy and protection of personal data.
It is likely that EPIC and other amici will be allowed to make submissions after opening statements and expert witnesses have been heard. EPIC is being represented by FLAC in this case, the matter having been referred through PILA’s Pro Bono Referral Scheme.
Click here for a more detailed briefing note on the case.