Feeds

Irish court peels off gloves, hands Facebook PROBE request to ECJ

Top court to decide if EU law needs PRISM tweak

Internet Security Threat Report 2014

The High Court in Ireland has referred a review of a complaint against Facebook to Europe's top court. The complaint alleges the social network shared EU users' data with the US National Security Agency.

The European Court of Justice is to assess whether EU law needs to be updated in light of the PRISM revelations, which could have a knock-on effect on tech firms from Facebook to Google.

Austrian law student Maximillian Schrems took Facebook to court in Ireland, where the social network’s European HQ is located, over the revelations from NSA whistleblower Edward Snowden that personal data held by tech firms like Facebook was routinely being slurped by US spooks.

Schrems first asked the Irish Data Commissioner to investigate the legality of Facebook Ireland sending his info over to the States, where it could be seen by the security services, but when the commissioner refused to investigate, he sought a judicial review at the High Court.

The Commissioner had ruled that Schrems didn’t have a case because he couldn’t prove that anyone had slurped his data in particular and anyway, the EU has an agreement with the US under the “Safe Harbour” principle decided way back in 2000. This principle governs data flow from Europe to United States and allows US firms to self-certify themselves as respectful of European data protection rules.

High Court Justice Gerard Hogan said Schrems did not need to prove that his own data had been spied upon to make a complaint.

“Quite obviously, Mr Schrems cannot say whether his own personal data has ever been accessed or whether it would ever be accessed by the US authorities,” he wrote in his ruling.

“But even if this were considered to be unlikely, he is nonetheless certainly entitled to object to a state of affairs where his data are transferred to a jurisdiction which, to all intents and purposes, appears to provide only a limited protection against any interference with that private data by the US security authorities.”

However, he said that only the European Court of Justice could decide that individual member states were allowed to look past the Safe Harbour principle or reinterpret its meaning. Hogan said that Schrems, who had filed on behalf of the Europe-v-Facebook group, really had a problem with this principle and acknowledged that there may be an argument for the idea that the rule was outdated.

“The Safe Harbour Regime… may reflect a somewhat more innocent age in terms of data protection,” he said. “This Regime came into force prior to the advent of social media and, of course, before the massive terrorist attacks on American soil which took place on September 11th, 2001.”

Hogan also admitted that the PRISM programme of surveillance was wrong by the letter of Irish law, which protects people’s data and the inviolability of their homes.

“It is very difficult to see how the mass and undifferentiated accessing by state authorities of personal data generated perhaps especially with the home… could survive constitutional scrutiny,” he said.

“The potential for abuse in such cases would be enormous and might even give rise to the possibility that no facet of private or domestic life with the home would be immune from potential state scrutiny.

“Such a state of affairs – with its gloomy echoes of the mass state surveillance programmes conducted in totalitarian states such as the German Democratic Republic of Ulbricht and Honecker – would be totally at odds with the basic premises and fundamental values of the Constitution.”

However, he said that Irish law is pre-empted by EU law in this case and the Court of Justice needed to assess whether the interpretation of the Safe Harbour Regime needed to be re-evaluated.

Any verdict from the European court will likely apply to all US companies that have participated in PRISM and operate in the region, Schrems said of the ruling.

“We did not prepare for a direct reference to the ECJ, but this is the best outcome we could have wished for,” he said. “We will study the judgment in detail and will take the next steps as soon as possible.” ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Bladerunner sequel might actually be good. Harrison Ford is in it
Go ahead, you're all clear, kid... Sorry, wrong film
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
Forget Hillary, HP's ex CARLY FIORINA 'wants to be next US Prez'
Former CEO has political ambitions again, according to Washington DC sources
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.