Feeds

Irish court peels off gloves, hands Facebook PROBE request to ECJ

Top court to decide if EU law needs PRISM tweak

Security for virtualized datacentres

The High Court in Ireland has referred a review of a complaint against Facebook to Europe's top court. The complaint alleges the social network shared EU users' data with the US National Security Agency.

The European Court of Justice is to assess whether EU law needs to be updated in light of the PRISM revelations, which could have a knock-on effect on tech firms from Facebook to Google.

Austrian law student Maximillian Schrems took Facebook to court in Ireland, where the social network’s European HQ is located, over the revelations from NSA whistleblower Edward Snowden that personal data held by tech firms like Facebook was routinely being slurped by US spooks.

Schrems first asked the Irish Data Commissioner to investigate the legality of Facebook Ireland sending his info over to the States, where it could be seen by the security services, but when the commissioner refused to investigate, he sought a judicial review at the High Court.

The Commissioner had ruled that Schrems didn’t have a case because he couldn’t prove that anyone had slurped his data in particular and anyway, the EU has an agreement with the US under the “Safe Harbour” principle decided way back in 2000. This principle governs data flow from Europe to United States and allows US firms to self-certify themselves as respectful of European data protection rules.

High Court Justice Gerard Hogan said Schrems did not need to prove that his own data had been spied upon to make a complaint.

“Quite obviously, Mr Schrems cannot say whether his own personal data has ever been accessed or whether it would ever be accessed by the US authorities,” he wrote in his ruling.

“But even if this were considered to be unlikely, he is nonetheless certainly entitled to object to a state of affairs where his data are transferred to a jurisdiction which, to all intents and purposes, appears to provide only a limited protection against any interference with that private data by the US security authorities.”

However, he said that only the European Court of Justice could decide that individual member states were allowed to look past the Safe Harbour principle or reinterpret its meaning. Hogan said that Schrems, who had filed on behalf of the Europe-v-Facebook group, really had a problem with this principle and acknowledged that there may be an argument for the idea that the rule was outdated.

“The Safe Harbour Regime… may reflect a somewhat more innocent age in terms of data protection,” he said. “This Regime came into force prior to the advent of social media and, of course, before the massive terrorist attacks on American soil which took place on September 11th, 2001.”

Hogan also admitted that the PRISM programme of surveillance was wrong by the letter of Irish law, which protects people’s data and the inviolability of their homes.

“It is very difficult to see how the mass and undifferentiated accessing by state authorities of personal data generated perhaps especially with the home… could survive constitutional scrutiny,” he said.

“The potential for abuse in such cases would be enormous and might even give rise to the possibility that no facet of private or domestic life with the home would be immune from potential state scrutiny.

“Such a state of affairs – with its gloomy echoes of the mass state surveillance programmes conducted in totalitarian states such as the German Democratic Republic of Ulbricht and Honecker – would be totally at odds with the basic premises and fundamental values of the Constitution.”

However, he said that Irish law is pre-empted by EU law in this case and the Court of Justice needed to assess whether the interpretation of the Safe Harbour Regime needed to be re-evaluated.

Any verdict from the European court will likely apply to all US companies that have participated in PRISM and operate in the region, Schrems said of the ruling.

“We did not prepare for a direct reference to the ECJ, but this is the best outcome we could have wished for,” he said. “We will study the judgment in detail and will take the next steps as soon as possible.” ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Heavy VPN users are probably pirates, says BBC
And ISPs should nab 'em on our behalf
Former Bitcoin Foundation chair pleads guilty to money-laundering charge
Charlie Shrem plea deal could still get him five YEARS in chokey
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.