US government seeks to intervene in Irish data protection case

The case pitting an Austrian Facebook user against the Irish privacy watchdog could influence EU privacy law

Max Schrems stands in front of the office of the Irish Data Protection Commissioner, where he filed complaints against Facebook.

The U.S. government wants to intervene in an Irish court case that has already disrupted the transatlantic flow of European Union citizens' personal information on which many businesses rely.

And one of the parties to that case, Austrian Facebook user Max Schrems, is looking forward to the opportunity to have U.S. authorities questioned under oath on a matter that could determine the future of European privacy law.

The U.S. government, the American Chamber of Commerce, an Irish business lobby group, and an international software alliance told the Irish High Court on Monday that they want to be added to the case as "amicus curiae" or friends of the court.

"The court adjourned the matter for two weeks to allow them each file a motion in this regard," a court spokesman said Monday evening.

Schrems took the Irish data protection commissioner (DPC) to court because he was unsatisfied with its handling of a complaint he made about Facebook Ireland transferring his personal information to the U.S. for processing, something he felt was in breach of EU data protection law.

That law says that such processing may only be performed in countries providing a level of privacy protection equivalent to that required within the EU, but Schrems said that, in the light of Edward Snowden's revelations about U.S. intelligence operations, the U.S. did not meet EU privacy standards.

However, the European Commission ruled in July 2000 that the Safe Harbor Agreement between the EU and the U.S. did meet those standards.

To find out whether the DPC could challenge the Commission's decision, the High Court of Ireland referred a question to the Court of Justice of the European Union -- which in October 2015 ruled not only that the DPC should investigate Schrems' complaint, but also that the Safe Harbor Agreement was inadequate.

That decision prompted thousands of businesses to look for alternative legal mechanisms such as model contract clauses or binding corporate rules to legitimize their transatlantic data transfers while EU and U.S. officials worked out a replacement for Safe Harbor.

The details of the replacement, Privacy Shield, are still being negotiated, making the alternative mechanisms essential to many companies' activities.

Last month, though, the Irish High Court was asked by the DPC to refer another question to the CJEU, this time regarding the legality of model contract clauses.

If they too are ruled inadequate, then many U.S. businesses would suffer, perhaps explaining the U.S. government's interest in giving the court its views.

Schrems said he welcomed the U.S. government's request to intervene, because unlike in the negotiations over Privacy Shield, a U.S. representative to the Irish court will not be protected by U.S. laws on confidentiality.

"This is a huge chance to finally get solid answers in a public procedure," he said in a posting to the website of the Europe-v-Facebook campaign group. "I am very much looking forward to raising all the uncomfortable questions on US surveillance programs in this procedure. It will be very interesting how the US government will react to the clear evidence already before the court."