US defends its data privacy protections in Facebook case

US government tells court it has adequate system in place to protect EU citizens’ data

Data Protection Commissioner Helen Dixon:  made a draft finding in May 2016 that Austrian lawyer Max Schrems had “well-founded” objections to the transfer of his personal data from Facebook Ireland to its US parent. Photograph: Eric Luke
Data Protection Commissioner Helen Dixon: made a draft finding in May 2016 that Austrian lawyer Max Schrems had “well-founded” objections to the transfer of his personal data from Facebook Ireland to its US parent. Photograph: Eric Luke

No other country has explained its national security system in the way the US has to the European Commission, the High Court has been told by lawyers for the US government.

When considered “in the round”, not merely on the basis of judicial remedies, the US provides a system of adequate protection for data privacy rights of EU citizens, Eileen Barrington SC argued.

In circumstances including the agreement between the European Commission and the US on the Privacy Shield framework for data transfers, this case did not raise any “live issues” and there was no basis for the court to find otherwise or refer the matter to the Court of Justice, she said.

She was making final arguments on behalf of the US government in the continuing action by the Data Protection Commissioner.

READ MORE

The case is aimed at having the Court of Justice of the European Union (CJEU) decide the validity or otherwise of European Commission decisions approving transatlantic data transfer channels known as standard contractual clauses (SCCs).

Draft findings

Commissioner

Helen Dixon

initiated the proceedings after she made a draft finding in May 2016 that Austrian lawyer

Max Schrems

had “well-founded” objections to the transfer of his personal data from

Facebook

Ireland to its parent in the US, Facebook Inc. The draft decision was based on her concerns about the adequacy of remedies in the US for breach of EU citizens’ data privacy rights.

Her proceedings are against Facebook and Mr Schrems, but no orders are sought against them and the purpose is to have the Irish court refer the case to the CJEU.

Both Facebook and Mr Schrems oppose referral for very different reasons.

Facebook argues the commissioner’s draft decision is flawed and fails to take into account a range of matters, particularly the 2016 Privacy Shield agreement.

Mr Schrems argues the commissioner has sufficient information to decide his complaint without any referral and she should do so. A referral is unnecessary or at least premature, he contends.

Evidence in the case has concluded and Ms Justice Caroline Costello has been hearing legal submissions from the US government and other entities joined to the case as amici curiae – assistants to the court on legal issues.

Significance

On Friday, Maurice Collins SC, for the

Business Software Alliance

, a global representative association representing companies including

Apple

,

Microsoft

and

Intel

, stressed the enormous significance of the case for his clients as they use SCCs to transfer data to the US and elsewhere.

There is a “signficant framework” of protection in the US, and the commissioner’s draft decision had referred to cases where EU citizens can pursue legal remedies, he said.

The commissioner had come to court effectively saying she wanted to “throw the ball in” concerning issues arising in Mr Schrems’s complaint against Facebook in circumstances where both Mr Schrems and Facebook argued there should be no reference, he said.

While that did not preclude the court taking the view there are well-founded concerns over the validity of the SCC decisions, it was “striking” that the parties to the complaint are “of the one mind”.

After Mr Collins concluded his submissions, Paul Gallagher SC began his reply for Facebook. He will continue his reply when the case resumes on Tuesday.

Mary Carolan

Mary Carolan

Mary Carolan is the Legal Affairs Correspondent of the Irish Times