High Court privacy case puts Ireland at centre of data collection controversy

Opinion: ‘They are watching everyone in Europe from Grand Canal Dock, the Valley of the Squinting Smartphones’

Photograph: Cyril Byrne
Photograph: Cyril Byrne

Remember the valley of the squinting windows? That narrow-minded place of twitching net curtains where gossips kept you in your place by making sure everyone knew your business? Critics of Facebook and Google argue these companies have struck gold by doing just that. Offering users “free” services in exchange for personal data, veiling their true business model of monetising old- fashioned nosiness on a vast scale.

The main difference from the squinting windows society is that, after cajoling you into sharing your privacy with them, these companies share the information not with other village gossips but rather with advertisers and, whistleblower Edward Snowden has warned, state intelligence services.

Every time you use your smartphone to “like” something on Facebook or perform a Google search, these companies’ knowledge of you – what you like, where you are, what you’re doing, who you know – grows a little bigger. Observe billions of users for a long enough time, cross- reference and link their data morsels, and soon there is an all-you-can eat data buffet.

You may never have told Facebook your political views or your sexual preferences but the company can make eerily accurate predictions about those and much more.

READ MORE

Prism surveillance programme

Next Wednesday the High Court rules on a case brought by Austrian privacy campaigner Max Schrems. He asked the Republic’s data protection commissioner (DPC) to investigate Snowden’s claims that Facebook International, based in Dublin and thus under Irish jurisdiction, had passed on its EU users’ data – directly or indirectly – to the US National Security Agency (NSA) as part of its Prism surveillance programme. The DPC declined to investigate, saying it was an intelligence matter beyond his data protection remit.

In a judicial review the court has to decide who is right: Schrems for demanding an investigation, or the DPC for refusing one.

The ruling, though on a narrow legal issue, is part of a growing conflict between the profitable business of data collection and the basic human right to privacy. Regardless of the outcome on Wednesday, Ireland remains perched on this fault line, as three recent books make clear.

The first is investigative journalist Glenn Greenwald's gripping No Place to Hide, recounting his meeting a year ago with Snowden and subsequent exposure of the NSA's worldwide electronic surveillance network. In his book Greenwald, a lawyer by training, assesses the evidence and then presents a chilling closing argument.

“Taken in its entirety, the Snowden archive led to an ultimately simple conclusion: the US government had built a system that has as its goal the complete elimination of electronic privacy worldwide,” he writes. “The NSA is devoted to one overarching mission: to prevent the slightest piece of electronic communication from evading its systemic grasp.”

Greenwald offers a dystopian digital future, where states no longer merely spy on each other and legitimate suspects but also spy on their own – and each other’s – citizens as a matter of course. Data collated en masse by the NSA, Greenwald argues, creates a “system of ubiquitous spying [that] allows the United States maintain its grip on the world”. People who know they are being watched, he argues, are more supine to authority.

This new surveillance norm is developed further by Schrems in a [German- language] book, Fight for your Data. He suggests Facebook's terms and conditions are so broadly worded that the NSA is just another "partner" with whom the company has, he suspects, shared user data available via Prism.

Cayman Islands of data barons

Schrems, a law graduate, says challenging the compatibility of Facebook’s practices with EU rules would be no problem in his native Austria. But regulating Facebook is an Irish affair, requiring him to take his campaign – at great effort and considerable expense – to our shores, which he dubs the “Cayman Islands of the data barons”. With thousands of staff and billions in the bank Facebook has little to fear from Ireland’s “musketeers of data protection”, he writes: 20-odd civil servants with little legal or technical know-how based above a convenience store in Portarlington.

A similar damning view of Ireland's data protection regime emerges in Hands off our Data by Jan Philipp Albrecht. The German Green MEP, a European Parliament rapporteur on new EU data protection rules, criticises Ireland's "paradise- like" tax and privacy regime for Facebook and others. Schrems's battle with the DPC, writes Albrecht, is a "chronology of ... EU consumer disempowerment through a company that has settled in a data protection and legal system that doesn't enforce existing EU data protection regulations, in breach of EU rules".

Four years ago Facebook chief executive Mark Zuckerberg announced that people were increasingly comfortable sharing more information with more people. “That social norm,” he remarked, “is just something that has evolved over time.”

Digital self

There are many people around Europe who find such remarks worrying because, after cajoling you into parting with your personal information, your digital self vanishes into Facebook servers as its property, private until intelligence services come knocking.

EU privacy law, data protection campaigners argues, does not exist to secure Facebook’s business model but to shine a light on its contradictory business model of transparent users and opaque company.

In the digital age, Ireland’s squinting windows are no longer a national matter. It has frontline responsibility for regulating tech giants it has attracted, then allowed hide themselves behind one-way glass. They can watch you but you can’t watch them. And they are watching everyone in Europe from Grand Canal Dock, the Valley of the Squinting Smartphones.

Derek Scally is Berlin Correspondent