Court to rule on data sharing on Facebook after Schrems withdraws legal challenge against Irish regulator

The High Court of Ireland will rule on a legal challenge by Facebook to overturn a draft decision by the Irish Data Protection Commissioner to suspend the company’s data sharing with the US.

The news follows a last-minute agreement between privacy activist Max Schrems and the data regulator that was due to appear in court today.

The judge, Judge Barniville, said he planned to make a decision on the case “as soon as possible”, pending further cases.

The court was to hear a legal challenge by Schrems, an Austrian lawyer based in Vienna, against the decision of the Data Protection Commissioners (DCP) to issue the draft order against Facebook to stop its data transfers to the United States.

Schrems said he was concerned that Helen Dixon’s draft decision against Facebook would lead to further delays and negatively affect the regulator’s investigation into his own Facebook complaints.

It also claimed that the DPC investigation, which the regulator took on “of its own accord,” would not fully examine the legal grounds on which Facebook relies to transfer data from the EU to the US.

Schrems settled his case against the DPC on January 13 after an exchange of letters in which it was agreed how the Schrems complaint will be handled, avoiding the need for a hearing.

The privacy activist first filed a complaint with the DPC against Facebook in 2013, modified in 2015, which has not yet reached a resolution.

Schrems argues that the social media company violates data protection law by exporting data on European citizens to the US He claims that European data is subject to massive surveillance by the US National Security Agency. With few legal safeguards to protect the privacy of EU citizens.

Facebook sues Irish data regulator

Facebook started its own proceedings against the DPC in August 2020 after the regulator revealed that it had made a preliminary decision that Facebook Ireland should not transfer personal data outside the EU to its US parent Facebook Inc.

The DPC said that Facebook’s data transfers did not guarantee a level of protection to data subjects equivalent to those provided for in EU law.

The draft order followed a landmark ruling by the European Union Court of Justice in July 2020, which annulled the EU-US Privacy Shield agreement. USA

On Wednesday [13 January 2021] Attorneys representing Schrems said the investigation into Schrems’s complaint should proceed as outlined in a Jan.12 DPC letter.th 2021. This means that the court did not have to resolve the issues in Mr. Schrems’s case other than the costs.

Judge Barniville agreed to postpone the Schrems case until after he has passed judgment on the Facebook case.

He said he hoped to pass a judgment as soon as possible, but had to prepare and deliver several other judgments first.

Previously, the judge said that he had received witness statements on behalf of the DPC and Facebook regarding the number of investigations carried out by the DPC of its own free will, since 2018.

The court heard that the DPC had carried out 83 investigations “of its own accord”, of which 27 were cross-border investigations. Facebook was part of 11 of the cross-border inquiries.

The only pending issue in his process is related to legal costs. The parties agreed that the costs can be decided by Judge Barniville after sentencing in the Facebook case.

Schrems says ‘walls closing in’ on Facebook

Following a settlement with the DPC, Schrems said that the DPC’s Facebook investigation would hear his remarks and that he would also receive copies of all Facebook submissions, if the court allows the DPC’s draft order to go ahead.

He said in a statement that the “walls were closing in” at the social media company. “Several courts have now held that the DPC must investigate this complaint.”

Gerard Rudden, Schrems’s attorney, said the DPC has largely agreed with Max Schrems that Facebook cannot continue to transfer data to the United States.

“When it comes to the question of whether Facebook can continue to transfer data to the US, the DPC has largely agreed with us in court,” he said.

“It has repeatedly taken the strong view that Facebook cannot continue to transfer data from the EU to the United States. However, the DPC has not issued a decision to that effect in 7.5 years.. “

Schrems said the DPC and had also agreed that the case would be dealt with under GDPR rather than the Irish Data Protection Act which was in effect prior to 2018.

Max Schrems’ long battle with Facebook

July 26, 2000: The European Commission makes the decision to allow the transfer of data between the EU and the US between organizations that self-certify that they comply with Safe Harbor. European regulators have the right to suspend data transfers if safe harbor principles are violated.

June 25, 2013: Max Schrems files a formal complaint with the Irish Data Protection Commission against Facebook Ireland. He cites probable cause that Facebook is violating the Irish Data Protection Act and the European Data Protection Directive by providing “bulk access” to the data of European citizens to the NSA.

25, July of 2013: The Irish Data Protection Commission rejects Schrems’ complaint, arguing that it is frivolous and vexatious.

June 18, 2014: In the High Court of Ireland, Judge Desmond Hogan asks the Court of Justice of the European Union to determine whether the Irish Data Protection Commission is bound by the Safe Harbor Agreement. The ruling determined that the United States habitually accesses personal data in a “massive and undifferentiated” manner.

October 6, 2015: The Court of Justice rules that the safe harbor agreement allowing data transfers between the EU and the US is invalid, following Schrems’ complaint.

November 20, 2015: Facebook Ireland signs an agreement with Facebook Inc to transfer data from Facebook’s European customers to the US using Standard Contractual Clauses (SCC), as an alternative to the Privacy Shield.

December 1, 2015: Schrems files an updated complaint with the Irish DPC. Asks the Irish Data Protection Commissioner to issue a ruling prohibiting data transfers between Facebook Ireland and Facebook Inc in the US On the grounds that Facebook Inc illegally makes your data available to US intelligence via the Prism compilation program.

February 7, 2017: The Irish Data Protection Commission takes legal action in the Dublin commercial court against Facebook and Schrems. Helen Dixon argues that the court should require the Court of Justice of the European Union to decide whether transatlantic data transfer channels violate the privacy rights of EU citizens. The United States government argues that the case could have wide commercial ramifications.

October 3, 2017: The High Court of Ireland decides to ask the ECJ to rule on the validity of data transfers between the EU and the US.

April 12, 2018: The High Court of Ireland proposes 11 questions for the Court of Justice of the European Union to determine that will test whether companies can legally transfer data to the US In light of Edward Snowden’s revelations that the US. He is involved in large-scale surveillance of EU citizens.

May 9, 2018: The High Court of Ireland refers 11 questions on the validity of the SCC and the Privacy Shield to the ECJ.

November 1, 2018: Facebook files an unprecedented appeal to the Supreme Court of Ireland in an attempt to stop the Supreme Court of Ireland’s consultation on the validity of data transfer agreements between the EU and the US. To the Court of Justice of the European Union.

January 21-23, 2019: The Dublin Supreme Court hears a three-day appeal from Facebook against a decision by the High Court of Ireland to refer 11 questions on the legality of data transfers between Europe and the US to the ECJ, in which the US government Bear witness. The Irish Data Protection Commission argues that Facebook is trying to avoid an adverse finding by the European court that SCCs are illegal.

December 12, 2019: General Counsel Henrik Saugmandsgaard Øe finds in a primary opinion that the standard contractual clauses are legal, but raises questions about the impact of US surveillance on the legality of the Privacy Shield.

June 27, 2020: Schrems’ lawyers write to the Irish Data Protection Commissioner to demand that she set a clear timetable for the regulator to make a decision on the legality of the transfer of data from EU citizens by Facebook Ireland to Facebook in the US. USA

July 16, 2020: Europe’s highest court annuls the EU-US Privacy Shield agreement. UU., Nulling the legal basis that allows more than half a million American companies to exchange data with Europe.

July 23, 2020: The European Data Protection Board (EDPD) issues guidelines on the use of standard contractual clauses as a legal mechanism for sending data abroad, and advises companies to conduct a case-by-case analysis and consider what complementary measures could be implemented to mitigate the Privacy.

August 2020: Ireland’s Data Protection Commissioner sends Facebook a preliminary order to stop transferring data from the EU to the US.

August 12, 2020: The EU and the US begin talks about a possible successor to the Privacy Shield agreement that could put the exchange of data between the EU and the US on a legal basis.

August 19, 2020: Facebook suggests in a letter that, after the European Union Court of Justice struck down the privacy shield and raised questions about the legality of standard contract clauses, it is relying on a new legal basis for sharing data with the US. .: The need to process data in the US under contract with its users.

September 9, 2020: Nick Clegg, Vice President of Communications and Global Affairs at Facebook, warns in a blog post that the draft order of the Irish Data Protection Commissioners to suspend the exchange of data with the US could have effects of powerful in companies that depend on SCCs and online services in general.

September 10, 2020: Facebook files a judicial review against the Irish Data Protection Commissioner, challenging a preliminary order requiring Facebook to suspend data transfers to the US.

Add Comment