dade72 - Fotolia

Irish row over Safe Harbour deepens

Ireland faces legal challenge over the independence of its data commissioner, in wake of the scrapping of the Safe Harbour data protection agreement

Ireland – which hosts some of the largest American internet and technology companies – was plunged into fresh turmoil as digital advocacy group Digital Rights Ireland (DRI) launched court proceedings against the Irish government and Irish data protection commissioner Helen Dixon.

DRI filed papers accusing the Irish government of failing to properly implement European Union (EU) data protection law, or to follow the charter of Fundamental Rights of the European Union by failing to ensure that the Irish data protection commissioner is independent of the government.

The move follows DRI’s support of Austrian student Max Schrems as a co-plaintiff in the European Court of Justice case that led to the striking out of Safe Harbour, the EU-US agreement for the transfer of personal data between Europe and the US, in October 2015.

The European Court of Justice also ordered Irish data regulator Helen Dixon to investigate Schrem’s original complaint.

She has not investigated the complaint to date, and her office in the remote Irish midland’s town of Portarlington has refused to comment as to when – if ever – she will do so.

Dixon spoke in public at a conference in Dublin on 28 January 2016, but chose to focus on the move of her office to Dublin. She declined to comment on the case.

Her office did not respond when asked about the recent court challenge to her independence by DRI.

A spokesperson for DRI said: “In the Schrems case on Safe Harbour, the lack of such an independent watchdog was cited as one of the most significant differences between the European and US privacy systems.”

The Irish Government, due to call a general election on 2 or 3 February 2016, refused to comment.

Deadline for new Safe Harbour passes

The Article 29 working party, the European body of data regulators, is in intense negotiations with the US to try and get a new version of Safe Harbour in place, but failed to do so on 31 January, the deadline set for such an agreement following the outcome of the Schrems case. A statement due on 29 January from the Working Group was not available at the time of writing.

Speaking on conditions of anonymity, a London solicitor said: “Without cancelling Prism, there can be no new agreement. To date, the US has spurned – including direct requests from David Cameron – to terminate Prism”.  

Schrems, a 26-year-old Austrian law student, launched a privacy complaint in 2013 against Facebook, which has based its European operations in the Republic of Ireland, where they are subject to Irish regulators. The case included a complaint about Prism, a surveillance programme run by the US National Security Agency.

The Irish data protection commissioner at the time rejected Schrems’ complaint as “vexatious and frivilous”, but Schrems and DRI asked the Irish High Court to review the commissioner’s decision.

The Irish High Court found, as a finding of fact, that the US was engaged in “indiscriminate mass surveillance” through Prism, a programme that gives the US access to people’s internet activities, through agreements with tech companies including Microsoft Google, Facebook, Yahoo, YouTube and Skype.

Read more on Privacy and data protection