A US privacy law expert has told the High Court various obstacles under US law face European Union citizens who suspect breaches of their data privacy rights.
While there are a number of legal and other remedies in the US for breach of data privacy, Prof Andrew Serwin could not say just how adequate they are for EU citizens.
Certain remedies which are available for US citizens are not available for EU citizens, he said.
The difficulties facing those who believe their data may have been under surveillance include establishing surveillance actually occurred and securing the necessary standing to bring a case before the US courts, he said.
Adequacy
He had not expressed a view, in his detailed report to the court, on the adequacy of US remedies for EU citizens alleging breach of their data privacy rights under EU law. He was not an expert on EU law and could not offer an opinion as to how adequacy would be assessed under EU law, he said.
Prof Serwin, an expert witness for the Data Protection Commissioner, was examined about his report on Wednesday in the continuing case concerning the validity of European Commission decisions approving the use of EU-US data transfer channels known as standard contractual clauses (SCCs).
The case by commissioner Helen Dixon arises from a complaint by Austrian lawyer Max Schrems alleging transfer of his personal data by Facebook Ireland to its US parent breached his data privacy rights as an EU citizen.
The commissioner has made a draft finding Mr Schrems had “well-founded” objections to the SCCs and she wanted the Irish court to ask the Court of Justice of the EU (CJEU) to determine the validity of EU decisions approving the SCCs.
Earlier on Wednesday, Ms Justice Caroline Costello refused applications by three organisations – the Business Software Alliance (BSA), the Washington-based Electronic Privacy Information Centre (Epic) and Digital Europe – to be permitted to provide sworn evidence on issues of concern to them.
The three, along with the US government, were previously joined to the case as amici curiae, assistants to the court on legal issues. As amici, all are entitled to make legal submissions but the BSA, Epic and Digital Europe sought to also provide affidavits.
The US government did not seek to provide sworn evidence but will make submissions, to be heard towards the end of the case.
In her ruling, Ms Justice Costello said it seemed clear the four were joined as amici so that, if a reference was made to the CJEU, they would not be excluded from that hearing. There was nothing to suggest, to fulfil their role of assisting the court, they needed to adduce evidence.
Data
There is no absolute rule an amicus can never adduce evidence but, as a general rule, an amicus is not permitted give evidence, she said.
The evidence the three amici sought to call would not assist her in deciding the issues and therefore did not meet the test for admission, she said.
Digital Europe, for example, sought to adduce evidence about transfers of data under the SCCs to other third countries, as well as the US, but this case was only concerned with transfers of data to the US via the SCCs, she said. While Epic sought to provide affidavit evidence from an expert on US law, five experts called by the parties would give evidence, she noted.
Legal submissions from the amici would be sufficient in this case, she ruled.
The case continues. While listed for three weeks, it now appears likely to run for at least five.