The US government wants to be joined to legal proceedings here involving issues of huge significance for privacy rights of EU citizens arising from transfer of their personal data to the US.
In the proceedings, the Data Protection Commissioner has reached a preliminary view, subject to considering any further submissions, there are “well-founded” claims the personal data privacy rights of EU citizens are being breached arising from transfer of their personal data to the US where it might be accessed and processed by US State agencies for national security purposes in a manner incompatible with the Charter of Fundamental Rights of the EU.
Commissioner Helen Dixon now wants the Commercial Court to refer key issues for determination by the Court of Justice of the EU (CJEU) before her office makes a final decision on the complaint by Austrian student Max Schrems alleging breach of his data protection rights by Facebook Ireland. It denies any breach of Irish or EU law.
Mr Justice Brian McGovern on Monday agreed to fast-track the Commissioner’s case against Facebook Ireland and Mr Schrems and to hear, on June 27th, the commissioner’s application for referral of issues to the CJEU for determination.
Clauses
Those concern the validity of various European Commission decisions approving standard contractual clauses (SCCs) under which Facebook Ireland and others make data available to the US. SCCs are the main channel relied on to transmit data since the CJEU ruled last year the 15-year-old Safe Harbour arrangement (which allowed some 4,500 US companies transfer personal data to the US) violated fundamental rights of EU citizens to privacy and data protection.
Michael Collins SC, for the Commissioner, said the case is of enormous urgency with huge potential impact for commercial trade and the rights of parties in relation to processing of their data. Because no national court can decide the validity of the EC decisions on SCCs, the CJEU must determine that, he said.
The commissioner believed the concerns were “well-founded” and was obliged to refer matters to the CJEU. Paul Gallagher SC, for Facebook Ireland, said the case was “considerably more complicated” than outlined and raised very significant issues for his client which was assessing its position. Eoin McCullough SC, for Mr Schrems, did not oppose the case being fast-tracked but said Mr Schrems has concerns whether another reference to the CJEU was necessary.
Any reference should concern all potential derogations, he urged.
Eileen Barrington SC, for the US government, said it would be applying to be joined as an amicus curiae (assistant to the court on legal issues) as the case has “potentially signficiant” implications for US authorities and companies and is of significant importance to the US.
Maurice Collins SC, for the ESA software alliance, a global representative association representing companies including Apple, Microsoft and Intel, said it also wanted to be joined as an amicus curiae as his clients use SCCs to transfer data to the US and elsewhere.
Paul Anthony McDermott SC, for the Irish Business and Employers Confederation (IBEC) and US Chamber of Commerce, said the proceedings have significance for thousands of companies in the context of trade with the US.
Complaint
In proceedings initiated in 2013, Mr Schrems challenged then Commissioner Billy Hawkes' refusal to investigate his complaint against Facebook Ireland, made after former NSA security contractor Edward Snowden claimed Facebook and other US firms were being forced to make their personal information, including EU user data, available to US intelligence.
Mr Hawkes argued his hands were tied due to the Safe Harbour arrangement but, after the CJEU struck down Safe Harbout as invalid, Commissioner Dixon agreed to investigate Mr Schrems’ complaint, reformulated to include a substantive challenge to the validity of the EC decisions approving the SCCs.
Last month, the commissioner issued a preliminary decision to the effect transfer of data via SCCs is likely to breach provisions of the Charter of Fundamental Rights of the EU. That arose from a preliminary view EU citizens are unable to pursue a remedy in the US over transfer of their data there where it may be at risk of being accessed by US state agencies for national security purposess in a manner incompatible with the EU charter.