On Tuesday, the Irish Data Protection Commissioner admitted that it should investigate certain practices of Facebook, Inc. Particularly, it should investigate how Facebook transfers data to the United States. This concession follows a legal challenge brought by an Austrian law student after the data privacy regulator initially failed to conduct such an investigation.
Max Schrems filed his complaint in Ireland because Facebook’s European headquarters are located in Dublin. As part of his action, Schrems challenged Facebook’s practice of transferring European users’ data to the United States after the United States government’s Prism program was revealed in 2013. The Prism program allowed United States authorities to directly collect users’ private information.
An Irish High Court judge bounced the case to the European Union’s highest court, asking if Irish authorities were allowed to suspend data transfers if they found that privacy safeguards in the country of destination were insufficient.
The European Court of Justice (ECJ) ruled on the case two weeks ago and delivered a landmark ruling. The court held that a Safe Harbor agreement relied on by thousands of United States and European companies to freely send and transfer personal data to the United States was invalid because of the country’s insufficient privacy protection.
Following the subsequent ruling by Ireland’s high court, the data commissioner’s office said in a statement that it would “proceed to investigate the substance of the complaint with all due diligence.”
In a statement, Facebook said that although it had never been part of a program to provide to the United States government direct access to its servers, the company said it would “constructively engage” with any resulting investigations by the Commissioner.
The ECJ ruling has thousands of European and United States companies left in legal uncertainty over how to transfer personal data from Europe to the United States. The data includes human resources and payroll information, as well as personal data used for online advertising.
Paul Anthony McDermott, lawyer for the Irish Data Protection Commissioner (DPC) told the High Court in Dublin that, “We are consenting to the application that the decision be quashed.”
Stay Connected
