Major case affecting privacy of EU citizens to kick off in Ireland’s High Court

7 Feb 2017

The Data Protection Commissioner, Helen Dixon, is questioning the validity of standard contractual clauses. Image: Leonid Andronov/Shutterstock

A case is being led by Data Protection Commissioner Helen Dixon, which could have implications not only for EU-US trade, but the privacy of hundreds of millions of EU citizens.

The Data Protection Commissioner (DPC), Helen Dixon, believes there is merit in Max Schrems’s questions over the validity of so-called standard contractual clauses (SCCs).

The SCCs are apparently designed to ensure European citizens enjoy the same level of protection in the US as they do in the EU when the data is processed.

She is asking the High Court to refer the question of SCC validity to the court of justice of the European Union (CJEU).

However, Schrems disagrees and believes the DPC has sufficient powers to deal with SCCs used by US tech companies in the transfer of data to the US.

Tech companies such as Facebook argue that without the so-called SCCs, transatlantic trade would grind to a halt.

It is estimated that about 80pc of companies transferring data from the EU rely on SCCs.

The Snowden effect

The case has its origins in Austrian lawyer Max Schrems’s 2014 complaint to the DPC about data transfers by Facebook in Ireland to the US, in the wake of the Edward Snowden revelations about the NSA’s PRISM spying system.

This resulted in the CJEU bringing to an end the Safe Harbour framework that had been used by Facebook and 4,500 other companies to transfer data to the US.

It was replaced by the EU-US Privacy Shield, a new framework designed to give EU citizens protection rights and the ability to seek redress.

However, the Privacy Shield is under review and already faces challenges on the legal front from Digital Rights Ireland as well as a French privacy group.

In the case that begins today (7 February), it is expected that both Schrems and Facebook will argue against the case being referred to the CJEU, for different reasons.

All eyes are also on the US government, which is expected to make a submission to the court.

Last year the government, along with the Business Software Alliance and the Electronic Privacy Center, were permitted to join the proceedings under an amicus curiae (‘friends of the court’) brief.

The case, which opens before the commercial division of the High Court, could last up to three weeks, and could affect the privacy of hundreds of millions of EU citizens.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com