Facebook data privacy case to be heard before European Union court

European Union

A Facebook user is taking his privacy campaign to the European Union’s highest court to prevent US intelligence agencies gaining access to his personal data.

The case brought by Maximilian Schrems against Ireland’s Data Protection Commission may eventually shape international regulations over access to, and ownership of, online information.

The Austrian law student began the case before the US whistleblower Edward Snowden revealed that the US National Security Agency was routinely intercepting data from emails, social media and telephones.

His initial complaint was to Facebook over what was happening to his personal records. He eventually recovered 1,222 pages of material in 2011 from the US company, whose European headquarters are based in Dublin.

Publication of Snowden’s revelations spurred him on to take action against the data regulator in the Irish Republic, arguing that his privacy should have been safeguarded against security surveillance. The regulator declined to intervene.

Schrems, whose legal case has been crowdfunded, maintains that companies inside the EU should not be able to transfer data to the US under “safe harbour” protections – which state that US data protection rules are adequate if information is passed by companies on a “self-certify” basis – because America no longer qualifies for such a status.

He is seeking a declaration that the safe harbour designation under EU law should be cancelled and that the Irish DPC should audit the exchange of information rather than allow it to continue unexamined.

The law student lost his claim against the regulator in the Irish high court where the judge, Desmond Hogan, said that only the naive or credulous could have been surprised by the Snowden expose.

But the judge did ask the European court of justice, in Luxembourg, to examine whether Ireland’s data watchdog is bound by safe harbour and whether an investigation should be launched in in light of the Snowden revelations.

He said Facebook users should have their privacy respected under the Irish constitution, and added: “It would be necessary to demonstrate that this interception and surveillance of individuals or groups of individuals was objectively justified in the interests of the suppression of crime and national security and, further, that any such interception was attended by the appropriate and verifiable safeguards.”

Schrems’s case will be heard in Luxembourg on Tuesday. Its hearings are not televised and judgment will be reserved.

“The promise of a higher level of data protecting is being betrayed by [Europe] to serve business interests,” Schrems has said. He has formed an advocacy group, Europe v Facebook.

Powered by Guardian.co.ukThis article was written by Owen Bowcott Legal affairs correspondent, for theguardian.com on Tuesday 24th March 2015 09.51 Europe/Londonguardian.co.uk © Guardian News and Media Limited 2010