At 9.30am on Thursday in Luxembourg, a country of which we know little, in the European Court of Justice (ECJ), a strange court of which we know even less, 11 obscure legal questions will be answered.
The answers will be couched in technical language of excruciating complexity, but they will be the first step towards explaining why we in the UK and Europe have experienced 13 years of what has been described as “mass and indiscriminate surveillance” by the US.
The UK was first warned about this surveillance when The Guardian ran its prize-winning story about American whistleblower Edward Snowden on 5 June 2013. Snowden told the world that the US government had all of us under surveillance, using nine internet companies as collection agents in foreign countries like ours. The surveillance programme is called Prism. As The Guardian was telling its story, one of the principles in the court case on Thursday, Austrian lawyer Max Schrems (pictured above) was heading for the Irish High Court to demand that Facebook should be stopped from stealing his data.
On 18 June 2014, judge Gerard Hogan of the Irish High Court, in a finding of fact for Max Schrems, said: “I will proceed on the basis that personal data transferred by companies such as Facebook Ireland to its parent company in the United States is thereafter capable of being accessed by the NSA [National Security Agency] in the course of mass and indiscriminate surveillance of such data.”
The Irish judge had been pipped to the post by an English High Court judge, Anthony May, who warned the UK Parliament on 8 April 2014 that the surveillance revealed by Snowden would be “criminal and unlawful” if it was run in the UK.
Seven years in court
Between those two judgments and the answers on Thursday lies a court case now in its seventh year. The litigation, starting in the Irish High Court in 2013, passed from the Irish High Court to the European Court of Justice in 2015, then back to the Irish High Court in 2016, and finally to the Irish Supreme Court in 2018, where a definitive judgment was made on 31 May 2019. But not quite. In 2018, in mid-flight between the Irish High Court and the Irish Supreme Court, an Irish judge, Caroline Costello, sent 11 questions about the matter to the European Court of Justice, which will be decided this week.
On 31 May 2019, led by the chief justice of Ireland, judge Frank Clarke, the Irish Supreme Court unanimously dismissed an application by the US government and Facebook to quash judge Hogan’s findings of 18 June 2014 – that the US was engaged in “mass and indiscriminate surveillance” throughout the EU (including the UK).
Until the US halts the Prism programme, its nine agents, named in the UK Parliamentary Hansard on 17 April 2018, and again on 14 February 2019, as Microsoft, Apple, Google, Facebook, Yahoo, Hotmail, Skype, You Tube and AOL, remain in the frame for their part in enabling serious breaches of all EU and UK data protection laws. By now, the number of companies taking part in Prism and similar surveillance programmes must be far greater.
Boris Johnson’s meeting in the Wirral
On 1 November 2018, the UK’s biggest spy agency, GCHQ, made a public appeal in Dublin for the Irish spooks to get on board for a campaign against alleged Russian cyber crime.
The Irish spooks pointed out that questions had been raised in the Irish courts about GCHQ’s partner in surveillance, the US National Security Agency, over its interception of data of EU citizens.
On 10 October 2019, during a three-hour meeting with the Irish premier (Taoiseach) at the Thornton Manor Hotel on the Wirral, prime minister Boris Johnson was reminded of what the Irish intelligence agency, G2, had told GCHQ. Johnson was also appraised, in detail, of the findings of the Irish Supreme Court.
He was, it has been suggested, told that if GCHQ continued its partnership with the NSA, against EU citizens, the EU would consider cutting the UK off from all EU data transfers.
In the front line of all this are the 37 million UK users of the internet, who have had their data captured by the US. After seven years of major litigation, all of it affecting them but none of it in the UK, in two Supreme Courts, one High Court and from the UK Parliament, but unreported, at an estimated cost of over £50m, UK internet users are unaware of the scale of the unlawful theft of their data.
Read more about surveillance
- Social media giant challenges a ruling by Dublin’s High Court over a judgment that it says made ‘extraordinary and incorrect’ findings about the US legal system.
- The European Court of Justice will deliver an opinion on whether Europe can legally continue to send private data about European citizens to the US.
- Following a tribunal ruling, constabularies in England and Wales can refuse to confirm or deny whether they use mass surveillance devices, known as IMSI-catchers to monitor people’s location, phone calls and text messages.
Read more on Cloud applications
Schrems v Facebook: European court strikes down EU-US Privacy Shield agreement
European court to decide legality of EU-US data sharing in dispute between Schrems and Facebook
Facebook: Legality of EU-US data sharing to be decided by Court of Justice
Can Europe legally share data with the US? A court far away is about to decide