Maren Winter - stock.adobe.com

Can Europe legally share data with the US? A court far away is about to decide

The European Court of Justice will deliver an opinion on whether Europe can legally continue to send private data about European citizens to the US

One of Boris Johnson’s slogans, which probably won him the General Election, was to “get Brexit done”. Within that slogan, he has often stated that he wanted the UK out of the jurisdiction of the European Court of Justice (ECJ), a court far, far away, of which most of us in the UK know little or nothing.

But well might the prime minister want to avoid the European supreme court, having fared so badly with the UK Supreme Court and the Scottish Supreme Court, which both found he had misled the Queen and unlawfully shut down Parliament. Johnson has now trumped the law, won an election and paid no penalty for his misdeeds. But in Europe he faces a far more serious challenge.

The European Court of Justice will deliver an opinion this week on whether our ally the US is still conducting criminal and unlawful surveillance of about 40 million of us in the UK, and tens of millions of other people in Europe.

Five years ago, in October 2015, that court endorsed the findings of fact of the Irish High Court in June 2014 and struck down the fraudulent arrangement, called Safe Harbour, that purported to legitimise what had been data theft and interception by the National Security Agency (NSA) since September 2007.   

The findings of fact by the Irish High Court were extraordinary. That court’s judge, Gerard Hogan, found that, using nine internet companies as agents, the NSA was engaged in “mass and indiscriminate surveillance” throughout the European Union (EU), including the UK.

Those findings of fact received little public attention, even after they were endorsed by the European Court of Justice and became applicable law in the UK in October 2015. But then the UK media had never reported that the UK investigatory powers commissioner, Anthony May, had told Parliament in April 2014, ahead of judge Hogan, and Parliament accepted, that “mass and indiscriminate surveillance” in the UK was criminal and unlawful.

Shortly after the ECJ endorsed the finding of fact by judge Hogan in October 2015, the Investigatory Powers Tribunal of the High Court of England and Wales invited two UK police forces, Devon and Cornwall and the Met, to investigate the criminal findings of fact, and the information commissioner to investigate the unlawful theft of data in the UK on behalf of Child A and Child B and this writer.

Both the police and the information commissioner refused the High Court invitation, which was later extended to all 47 UK chief constables. It was only this year, in August, that the National Council of Police Chiefs said the order not to investigate came from the then home secretary Theresa May.

In May 2019, the Irish Supreme Court dismissed, conclusively and categorically, an appeal by Facebook and the US government against the findings of fact of the Irish High Court. Whatever the ruling this week by the European Court, there is no escape in law, for Facebook and the US government.

Everyone who has had their communications and data intercepted by the nine companies – named in the House of Commons record on 17 April 2018 and 14 February 2019 as Microsoft, Apple, Google, Yahoo, Facebook, You Tube, AOL, Pal Talk and Skype – is entitled to compensation under UK data law, and redress against the EU Commission under Article 41 of the European Union Charter of Fundamental Rights.

How has this all happened? Deep in the second half of the Irish Supreme Court judgment in May is a name, that of Robert Litt. He is credited with persuading 27 of the EU member state governments not to implement the European Court findings.

Litt was a spy and the councillor to the head of US intelligence as he cruised around Europe, cancelling the law and the court judgments. One of the places he negated the law was in the UK, via GCHQ. The person who now sanctions the criminal surveillance in the UK, via his instructions to GCHQ, is Boris Johnson, the prime minister.  

Read more on IT for government and public sector

CIO
Security
Networking
Data Center
Data Management
Close