Feeds

Irish court peels off gloves, hands Facebook PROBE request to ECJ

Top court to decide if EU law needs PRISM tweak

Choosing a cloud hosting partner with confidence

The High Court in Ireland has referred a review of a complaint against Facebook to Europe's top court. The complaint alleges the social network shared EU users' data with the US National Security Agency.

The European Court of Justice is to assess whether EU law needs to be updated in light of the PRISM revelations, which could have a knock-on effect on tech firms from Facebook to Google.

Austrian law student Maximillian Schrems took Facebook to court in Ireland, where the social network’s European HQ is located, over the revelations from NSA whistleblower Edward Snowden that personal data held by tech firms like Facebook was routinely being slurped by US spooks.

Schrems first asked the Irish Data Commissioner to investigate the legality of Facebook Ireland sending his info over to the States, where it could be seen by the security services, but when the commissioner refused to investigate, he sought a judicial review at the High Court.

The Commissioner had ruled that Schrems didn’t have a case because he couldn’t prove that anyone had slurped his data in particular and anyway, the EU has an agreement with the US under the “Safe Harbour” principle decided way back in 2000. This principle governs data flow from Europe to United States and allows US firms to self-certify themselves as respectful of European data protection rules.

High Court Justice Gerard Hogan said Schrems did not need to prove that his own data had been spied upon to make a complaint.

“Quite obviously, Mr Schrems cannot say whether his own personal data has ever been accessed or whether it would ever be accessed by the US authorities,” he wrote in his ruling.

“But even if this were considered to be unlikely, he is nonetheless certainly entitled to object to a state of affairs where his data are transferred to a jurisdiction which, to all intents and purposes, appears to provide only a limited protection against any interference with that private data by the US security authorities.”

However, he said that only the European Court of Justice could decide that individual member states were allowed to look past the Safe Harbour principle or reinterpret its meaning. Hogan said that Schrems, who had filed on behalf of the Europe-v-Facebook group, really had a problem with this principle and acknowledged that there may be an argument for the idea that the rule was outdated.

“The Safe Harbour Regime… may reflect a somewhat more innocent age in terms of data protection,” he said. “This Regime came into force prior to the advent of social media and, of course, before the massive terrorist attacks on American soil which took place on September 11th, 2001.”

Hogan also admitted that the PRISM programme of surveillance was wrong by the letter of Irish law, which protects people’s data and the inviolability of their homes.

“It is very difficult to see how the mass and undifferentiated accessing by state authorities of personal data generated perhaps especially with the home… could survive constitutional scrutiny,” he said.

“The potential for abuse in such cases would be enormous and might even give rise to the possibility that no facet of private or domestic life with the home would be immune from potential state scrutiny.

“Such a state of affairs – with its gloomy echoes of the mass state surveillance programmes conducted in totalitarian states such as the German Democratic Republic of Ulbricht and Honecker – would be totally at odds with the basic premises and fundamental values of the Constitution.”

However, he said that Irish law is pre-empted by EU law in this case and the Court of Justice needed to assess whether the interpretation of the Safe Harbour Regime needed to be re-evaluated.

Any verdict from the European court will likely apply to all US companies that have participated in PRISM and operate in the region, Schrems said of the ruling.

“We did not prepare for a direct reference to the ECJ, but this is the best outcome we could have wished for,” he said. “We will study the judgment in detail and will take the next steps as soon as possible.” ®

Intelligent flash storage arrays

More from The Register

next story
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights
Lobbies tetchy MPs 'to end indiscriminate online surveillance'
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.