Europe's highest court to rule on Facebook NSA data-sharing case

Summary:The NSA's mass surveillance program could change Europe and the US's 2000 Safe Harbour agreement.

court-of-justice-of-the-european-union-thumb
The European Court of Justice will now rule on Facebook's data sharing with the NSA. Image: ECJ

Ireland's high court has referred a complaint over Facebook's practice of sharing data with US spy agencies to Europe's highest court.

The Europe Court of Justice, which earlier this year struck down Europe's data retention directive for trampling on Europeans' privacy rights, will have a new landmark case to rule on, this time assessing whether Europe's laws need adjusting following Edward Snowden's revelations of the US National Security Agency's PRISM program .

The case that Ireland's high court referred to the Europe Court of Justice (ECJ) was brought by Austrian privacy campaigner Max Schrem. Ireland's data protection commissioner had previously denied Schrem's request for the country's privacy watchdog to audit Facebook for allegedly sharing data with the NSA, citing the European-US Safe Harbour agreement from 2000.

Companies such as Facebook, Google, and others can self-certify that they respect Europe's privacy laws. The Safe Harbour agreement also provides for US law enforcement access to user data with a warrant. Ireland's data watchdog knocked back the request since Europe has already deemed that the US offers adequate data protections.

The Irish high court judge has asked the ECJ to decide however whether data protection authorities are absolutely bound by the Safe Harbour agreement, or whether they can conduct their own investigations in light of PRISM's mass surveillance program.

While Ireland's privacy watchdog said Schrem's complaints were hypothetical and speculative, the high court judge disagreed.

"The Snowden revelations demonstrate that the US security services can routinely access the personal data of European citizens which has been so transferred to the United States and, in these circumstances, one may fairly question whether US law and practice in relation to data protection and State security provides for meaningful or effective judicial or legal control."

Schrems said: "We did not prepare for a direct reference to the ECJ, but this is the best outcome we could have wished for. We will now study the judgment in detail and will take the next steps as soon as possible."

Read more on Facebook

Topics: Security, EU, Privacy

About

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.