Fallout begins after court ruled data sharing with America is invalid, as Ireland kicks-off investigation
The Irish data protection watchdog has confirmed it is to begin an official investigation into Facebook’s data transfers to the United States.
The decision comes after Europe’s top court, the Court of Justice of the European Union (CJEU), earlier this month suspended the so-called Safe Harbour agreement that has allowed data-sharing between the EU and the US for the past 15 years.
Safe Harbour Fallout
The court took that decision after the Advocate General Yves Bot had said that the existing data sharing deal between the US and Europe was invalid and that members states could suspend data sharing with the US.
That decision comes after years of growing tension over the spying activities carried out by United States intelligence agencies, as well as the protection of personal data.
And now the Irish Data Protection Commissioner Helen Dixon has told the Irish High Court that she will proceed with her investigation, after having previously argued that the matter was outside her remit.
Ireland is leading Europe’s response to the court decision as Facebook’s EU headquarters is in Dublin. This fact prompted Austrian lawyer Max Schrems to bring his data privacy case in late 2012 against Facebook to the Irish data protection watchdog.
In his complaint, Schrems argued that the Edward Snowden disclosures showed there is no effective data protection regime in the United States.
The case progressed to the Irish High Court, but it then referred the decision about the snooping activities of the NSA up the ladder to the CJEU, which recently ruled that the current data sharing agreement was invalid.
“I welcome today’s ruling from Judge Hogan which brings these proceedings to a conclusion,” said the Irish Data Protection Commissioner Helen Dixon. “My Office will now proceed to investigate the substance of the complaint with all due diligence.”
The current Safe Harbour deal between Europe and the United States has been in place since 2000, and effectively allows US firms such as Google and Facebook to collect data on their European users, as long as certain principles around storage and security are upheld.
But Facebook, Google and others have (albeit reluctantly) shared this European data with American intelligence agencies such as the National Security Agency (NSA), when it requests the data.
However, the recent European court ruling now means that more than 4,000 companies who depend upon the agreement will need to rework their data-sharing practices in order to maintain compliance with the law.
“Facebook is not and has never been part of any programme to give the US government direct access to our servers,” a Facebook spokeswoman was quoted as saying by the BBC.
“We will respond to enquiries from the Irish Data Protection Commission as they examine the protections for the transfer of personal data under applicable law.”
This protest from Facebook may ring a little hollow to some. Jim Kinsella, the co-founder of cloud storage specialist Zettabox told TechweekEurope recently that any US-based firm cannot guarantee the privacy of European citizens’ data.
“The United States has the right to reach into the servers of any US-based firm, even if that data is in Europe,” warned Kinsella.
The EU is currently reviewing its Safe Harbour agreement with the United States, and is negotiating with Washington. In May it was revealed those negotiations are very close to completion, but the European court decision could trigger more investigations into data transfers by other US tech giants.
Following the NSA spying revelations. Where do you store your data?