Top European court to rule on NSA Facebook data privacy challenge

Europe’s top court will rule on whether data protection authorities should audit data Facebook allegedly gives to the US National Security Agency

Europe’s top court is to rule on a case that seeks to force data protection authorities to investigate allegations that Facebook passes personal data to the US National Security Agency.

The case, brought by Austrian privacy campaigner Max Schrem, was referred to the European Court of Justice (ECJ) in Luxembourg by the high court in Dublin.

Schrem took the case to the high court after Ireland’s Data Protection Commissioner dismissed his application for an audit of the data whistleblower Edward Snowden alleges Facebook passes to the NSA.

The Irish data protection watchdog said there were no grounds for an investigation, because Facebook's data exportation is covered by the Safe Harbour agreement. The Safe Harbour treaty provides a means for US companies to transfer personal data from the EU to the US that meets EU data protection requirements.

Schrem argued that, when Facebook collects user data and exports it to the US, it is giving the NSA the opportunity to use the data for mass surveillance of personal information without probable cause.

Referring the case to the ECJ, judge Desmond Hogan said evidence suggested that personal data was routinely accessed on a "mass and undifferentiated basis" by the NSA, reports the Guardian.

Hogan adjourned the case in Ireland while the ECJ considers whether Ireland's Data Protection Commissioner is bound by the Safe Harbour agreement.

Constitutional decision

Hogan has also asked the ECJ to rule on whether an investigation can be launched in Ireland in response to Snowden’s revelations of mass internet surveillance by the NSA.

He said Facebook users should have their privacy respected under the Irish constitution. He said that, for such interception of communications to be constitutionally valid, it would be necessary to demonstrate that it was justified in the interests of the suppression of crime and national security, and was attended by the appropriate and verifiable safeguards.

Schrem welcomed the Irish high court’s decision. "We expected to win it in Ireland, but having a European ruling on it is more than we could have asked for,” he said.

UK surveillance policy

The referral of the case comes as a challenge by privacy groups forced top UK counter-terrorism official Charles Farr to reveal a secret government policy justifying mass surveillance of Facebook, Twitter, YouTube and Google users in the UK.

Farr, the director general of the Office for Security and Counter Terrorism said in a witness statement that the surveillance is permitted under the law because communications via US-based online services are defined as “external communications”.

Farr’s statement comprises the UK government's first explanation as to how it considers it legal to intercept communications through its Tempora programme, which Snowden alleges is closely allied to the NSA’s Prism surveillance programme. 

Read more on Privacy and data protection