The European Union courts will hear a case with a far-reaching implications for social meadia companies and others who move large amounts of data via the internet. Facebook’s European subsidiary regularly does so.
In a case brought after former U.S. defense contractor Edward Snowden revealed the extent of electronic surveillance by American security agencies, the Irish court found that Facebook’s transfers may compromise the data of European citizens.
The case, which an Irish court on Tuesday referred to the Court of Justice of the European Union, revolves around where companies can store personal information. Irish High Court Judge Caroline Costello said she had decided to ask the European Court of Justice for a preliminary ruling in the case. “European Union law guarantees a high level of protection to EU citizens … they are entitled to an equivalent high level of protection when their data is transferred outside of the European Economic Area,” she said
Ireland’s data commissioner “has raised well-founded concerns that there is an absence of an effective remedy in U.S. law. for an EU citizen whose data are transferred to the U.S. where they may be at risk of being accessed and processed by U.S. state agencies for national security purposes in a manner incompatible” with the EU’s Charter of Fundamental Rights, the Irish High Court said Tuesday.
Max Schrems is suing Facebook under the claim that, so long as the United States allows bulk surveillance programs, the U.S. cannot guarantee that data stored on servers located on its shores abides by the E.U.’s stringent personal data protections laws.
“U.S. citizens would not be allowed to have such mass surveillance as for European citizens and we have to protect our citizens,” Schrems said. “And actually, Europe protects anybody because we see it as a human right, not as a citizens’ right.”
Currently, Facebook and other companies use what are known as “standard contractual clauses” to assure European users that their personal information is being protected.
“They are essential to companies of all sizes, and upholding them is critical to ensuring the economy can continue to grow without disruption,” the company said in statement.
Schrems launched a similar case against an earlier treaty between the United States and European Union to cover cross-boarder data storage known as Safe Harbor, which the European courts eventually nixed.
The Irish Data Commissioner decided to seek judicial review of standard contractual clauses in part because of “the very significant commercial implications arising from the value of data exchanges to EU-U.S. trading relationships.”
Safe Harbor was replaced by a new treaty, Privacy Shield, which is undergoing similar challenges.
If courts continue to find U.S. protections for European Citizens data insufficient, it could result in U.S. internet service companies being unable to do business with Europe without setting up specialized servers there.