An Irish high court judge has fixed next February to hear the action by the data protection commissioner over the legality of existing data transfer channels between the EU and the US.
Justice Brian McGovern fixed the hearing, which has potentially huge implications for EU-US trade and the data privacy rights of millions of EU citizens, to open on 7 February 2017. It will run for up to three weeks.
Commissioner Helen Dixon wants the high court to refer issues concerning the validity of data transfer channels – known as standard contractual clauses and approved by various European Commission decisions – to the Court of Justice of the EU (CJEU) for determination.
She brought proceedings after making a draft finding last May that Austrian lawyer Max Schrems (pictured) had raised well-founded objections as to whether the existing channels breach the data privacy rights of EU citizens.
That finding arose from a complaint by Schrems about was happening to his Facebook data when sent to the US for processing.
The commissioner’s case is against Schrems and Facebook Ireland because Facebook’s European headquarters are based there.
On Monday, the case was before Justice McGovern to make directions for exchange of legal documents between the sides for the full hearing and to fix a hearing date.
The judge dismissed arguments by Eoin McCullough, representing Schrems, that before any high court hearing, the commisisoner should make a “full” finding on facts.
The commissioner, counsel argued, had so far made only a draft finding concerning Schrems’ objections and had said her decision was subject to further submissions from Schrems and Facebook.
A final decision on facts before any high court hearing to refer issues to the CJEU would save time and costs, the judge said.
Facebook claims Schrems’ arguments ‘misconceived’
Paul Gallagher, counsel for Facebook, described Schrems’ arguments as “extraordinary” and “misconceived” and made too late in circumstances where Schrems had taken part in pre-hearing preparations.
Michael Collins, for the commissioner, agreed and said Dixon had followed the correct procedure for seeking a reference. Unlike a normal reference to the CJEU which is then returned to a national deciding authority, no national court can declare a decision of the European Commission invalid – only the European court can do that, said Collins.
The judge rejected Schrems’ arguments and made the directions requested. He also fixed for hearing for 17 October Schrems’ application for a protective costs order, aimed at ensuring he will not be exposed to any liability for legal costs.
Read previous coverage of the case
- Facebook and Irish business groups say a legal challenge to standard contractual clauses, used to permit data transfers between Europe and the UK, could cut 1% from Europe’s GDP if it succeeds.
- Dublin court case on the legality of Facebook’s data transfers to the US raises issues that affect US national security, claims US Department of Justice.
- The US says social media companies have to do mass surveillance in Europe, while the European Union says they can’t. The Irish court will decide competing claims.
- An Irish high court judge has granted an unprecedented application by the US government to be joined to a major legal action over whether existing EU-US data transfer channels unlawfully breach the privacy rights of EU citizens.
The judge refused as too late a request by Declan McGrath, for Nasscom, an Indian-based IT trade representative body, for leave to bring an application to be joined as amicus curiae (assistant to the court on legal issues).
Nasscom learned of the Irish court proceedings only in recent days and was concerned about the implications for Indian entities that are heavily reliant on data transfers, counsel said.
The case could bring a unique perspective to the potential impact on entities outside the EU and US, said McGrath. While the EU and US recently agreed a Privacy Shield arrangement on data transfer, that did not apply to third countries, he added.
Last week, the judge granted applications by the US government; US-based data privacy watchdog EPIC (Eletronic Privacy Information Centre); the Business Software Alliance and Digital Europe to be joined to the case as amicii curiae. Only a party to the Irish proceedings can take part in any reference to the CJEU.