New developments in the Schrems v Facebook Case
In an unexpected move, the United States Government and IBEC have asked to be joined as parties in the Irish High Court case between privacy activist Max Schrems and Facebook. Schrems has welcomed the move, claiming that it will allow better scrutiny and understanding of how the US Government sanctions the interception of private citizens’ data, irrespective of where that data originates.
The case is of huge significance for the privacy rights of Irish and EU citizens whose personal data is transferred to the US, often without any adequate level of protection.
The Office of the Irish Data Protection Commissioner has reached a preliminary view that Schrems’ argument that the personal data privacy rights of EU citizens are being breached arising from transfer of their personal data to the US where it might be accessed and processed by US State agencies for national security purposes in a manner incompatible with the Charter of Fundamental Rights of the EU is “well-founded”.
After the CJEU struck down Safe Harbor agreement as invalid last October, the Commissioner’s office investigated Mr Schrems’ complaint which was reformulated to include a substantive challenge to the validity of the EC decisions approving the Standard Contract Clauses (SCCs).
However, because a national court is not empowered to decide the validity of the EC decisions on SCCs, the CJEU must determine the matter.
The Commissioner now wants the Irish High Court to refer key issues for determination by the Court of Justice of the EU (CJEU) before her Office makes a final decision on the claim. Facebook Ireland denies any breach of Irish or EU law
This week, Mr Justice Brian McGovern agreed to fast-track the Commissioner’s case and to hear, on June 27th, the Commissioner’s application for referral of issues to the CJEU for determination. The new parties to the case will be able to file their documents until June 22nd.
Since the invalidation of the Safe Harbour framework, many companies have turned to so-called "model contracts" as a way of ensuring that the data transfers across the Atlantic comply with EU privacy laws. However, as Schrems points out, "this shift in the legal basis does not remedy the fact that Facebook is still subject to US mass surveillance laws and programs, which the CJEU already found to be conflicting with EU law."
The current action in the Irish High Court will play a major role in establishing whether that is the case, which no doubt partly explains the US government's unusual intervention.