Europe’s top court is to rule on a case that seeks to force data protection authorities to investigate allegations that Facebook passes personal data to the US National Security Agency.
The case, brought by Austrian privacy campaigner Max Schrem, was referred to the European Court of Justice (ECJ) in Luxembourg by the high court in Dublin.
Schrem took the case to the high court after Ireland’s Data Protection Commissioner dismissed his application for an audit of the data whistleblower Edward Snowden alleges Facebook passes to the NSA.
The Irish data protection watchdog said there were no grounds for an investigation, because Facebook's data exportation is covered by the Safe Harbour agreement. The Safe Harbour treaty provides a means for US companies to transfer personal data from the EU to the US that meets EU data protection requirements.
Schrem argued that, when Facebook collects user data and exports it to the US, it is giving the NSA the opportunity to use the data for mass surveillance of personal information without probable cause.
Read more about internet surveillance
- Mass surveillance must end, says EU inquiry
- State surveillance keeping a third of firms from the cloud
- Bruce Schneier: Time for society to decide on Internet surveillance
- MEPs call for immediate halt to NSA surveillance
- RSA 2014: FBI director promises surveillance with privacy
- Clegg calls for transparency in UK security surveillance
- UK intelligence heads defend mass surveillance operations
Referring the case to the ECJ, judge Desmond Hogan said evidence suggested that personal data was routinely accessed on a "mass and undifferentiated basis" by the NSA, reports the Guardian.
Hogan adjourned the case in Ireland while the ECJ considers whether Ireland's Data Protection Commissioner is bound by the Safe Harbour agreement.
Hogan has also asked the ECJ to rule on whether an investigation can be launched in Ireland in response to Snowden’s revelations of mass internet surveillance by the NSA.
He said Facebook users should have their privacy respected under the Irish constitution. He said that, for such interception of communications to be constitutionally valid, it would be necessary to demonstrate that it was justified in the interests of the suppression of crime and national security, and was attended by the appropriate and verifiable safeguards.
Schrem welcomed the Irish high court’s decision. "We expected to win it in Ireland, but having a European ruling on it is more than we could have asked for,” he said.
UK surveillance policy
The referral of the case comes as a challenge by privacy groups forced top UK counter-terrorism official Charles Farr to reveal a secret government policy justifying mass surveillance of Facebook, Twitter, YouTube and Google users in the UK.
Farr, the director general of the Office for Security and Counter Terrorism said in a witness statement that the surveillance is permitted under the law because communications via US-based online services are defined as “external communications”.
Farr’s statement comprises the UK government's first explanation as to how it considers it legal to intercept communications through its Tempora programme, which Snowden alleges is closely allied to the NSA’s Prism surveillance programme.
Read more on Privacy and data protection
EU and US start discussions on ‘enhanced’ Privacy Shield data-sharing agreement
Schrems v Facebook: European court strikes down EU-US Privacy Shield agreement
European court to decide legality of EU-US data sharing in dispute between Schrems and Facebook
Facebook: Legality of EU-US data sharing to be decided by Court of Justice