Naked Security: Facebook privacy case to be referred to European Court of Justice

InsightaaS: We often say that we live and compete in a 'global economy,' but it can be easy to forget that there are obligations that accompany the nearly-boundless opportunity that the phrase suggests. This article, from Naked Security - a news/blog site hosted by security vendor Sophos - provides a jarring reminder that with great scope comes a large number of specific obligations. The piece contemplates the implications of a court challenge launched by privacy group 'Europe v Facebook', which argues that Facebook, as a result of having a Dublin-based subsidiary, is subject to European privacy laws, which are "generally tougher than US laws." In finding that the case against Facebook could proceed, a European High Court Justice noted that the Safe Harbor agreement that governs US/EU data transfer may have been "overtaking by events" - notably, Snowden's revelations of the US government's PRISM cybersurveillance program (in which Facebook has been identified as a participant) - and added that PRISM is not in accordance with Irish law. In the article, author Lee Munson concludes that "The subsequent verdict from the ECJ is likely to apply to all US companies that have participated in the PRISM programme and who also trade in Europe." 

The High Court in Ireland has referred a data-sharing case to the European Court of Justice (ECJ), over the social network's relationship with the NSA and its PRISM programme.

The referral follows a High Court Challenge by Austrian law student Max Schrems who fronts a privacy group called 'Europe v Facebook'. Schrems claims that Ireland's Data Protection Commissioner Billy Hawkes erroneously interpreted and applied the law when he rejected a complaint about the mass transfer of Facebook users' data to the US National Security Agency.

The Commissioner had argued that an investigation was not necessary since Schrems could not prove that his own data had been accessed.

The Commissioner ruled that Facebook's transfer of data fell within the terms of an EU-US data-sharing agreement made in July 2000 called 'Safe Harbour' which, he said, is compatible with the requirements of the EU Data Protection Directive.

Europe v Facebook, however, argues that, because Facebook has a subsidiary in Dublin, the firm is "subject to European privacy and consumer law, which is generally tougher than US laws."...

Read the entire post: