The European Court of Justice says Ireland’s Data Protection Commissioner now has a duty to re-examine Max Scrhrems’ claims against Facebook.
Austrian privacy activist Max Schrems triggered the case with a complaint he filed against Facebook with the privacy watchdog in Ireland, where the US social network company has its European base.
The court said the USA authorities were able to access the personal data transferred from European Union member states to the U.S. and process it in a way incompatible with the purposes for which it was transferred, beyond what was strictly necessary and proportionate to the protection of national security.
“The Court of Justice declares that the Commission’s U.S. Safe Harbour Decision is invalid”, it said in a statement on Tuesday.
( FB )-but also European companies operating in the US like German media giant Bertelsmann SE & Co-have been using the framework to move European personal data, such as payroll and contact information, to the U.S.in exchange for complying with Europe’s stricter privacy rules.
Schrems challenged Facebook’s transfers of European users’ data to its USA servers because of the risk of US snooping.
Gerard Rudden, Mr Schrems’s lawyer, said there is also the potential for lawsuits over Safe Harbour.
“This judgment draws a clear line”. Reasonable legal redress must be possible.
Schrems called the decision “a major blow for USA global surveillance that heavily relies on private partners”.
Yves Bot, an advocate general at the court, had said the agreement should be ditched because “mass, indiscriminate surveillance” by the USA suggests that, when Europeans’ data flows there, it isn’t sufficiently protected.
The case centres around the “Safe Harbour” treaty which allows personal data to be transferred out of the European Union to the U.S., where is can be monitored by the National Security Agency (NSA).
In a last minute PR scramble in recent weeks as that decision looked likely both the USA mission in Europe and Robert Litt, the general counsel from the office of United States director of national intelligence, have been attempting to argue that USA intelligence operates “targeted” not mass surveillance, despite the dragnet approached detailed in the Snowden documents.
“Likewise, the court observes that legislation not providing for any possibility for an individual to pursue legal remedies in order to have access to personal data relating to him, or to obtain the rectification or erasure of such data, compromises the essence of the fundamental right to effective judicial protection, the existence of such a possibility being inherent in the existence of the rule of law”.