Europe's highest court to rule on Facebook NSA data-sharing case

The NSA's mass surveillance program could change Europe and the US's 2000 Safe Harbour agreement.

The European Court of Justice will now rule on Facebook's data sharing with the NSA. Image: ECJ

Ireland's high court has referred a complaint over Facebook's practice of sharing data with US spy agencies to Europe's highest court.

The Europe Court of Justice, which earlier this year struck down Europe's data retention directive for trampling on Europeans' privacy rights, will have a new landmark case to rule on, this time assessing whether Europe's laws need adjusting following Edward Snowden's revelations of the US National Security Agency's PRISM program .

The case that Ireland's high court referred to the Europe Court of Justice (ECJ) was brought by Austrian privacy campaigner Max Schrem. Ireland's data protection commissioner had previously denied Schrem's request for the country's privacy watchdog to audit Facebook for allegedly sharing data with the NSA, citing the European-US Safe Harbour agreement from 2000.

Companies such as Facebook, Google, and others can self-certify that they respect Europe's privacy laws. The Safe Harbour agreement also provides for US law enforcement access to user data with a warrant. Ireland's data watchdog knocked back the request since Europe has already deemed that the US offers adequate data protections.

The Irish high court judge has asked the ECJ to decide however whether data protection authorities are absolutely bound by the Safe Harbour agreement, or whether they can conduct their own investigations in light of PRISM's mass surveillance program.

While Ireland's privacy watchdog said Schrem's complaints were hypothetical and speculative, the high court judge disagreed.

"The Snowden revelations demonstrate that the US security services can routinely access the personal data of European citizens which has been so transferred to the United States and, in these circumstances, one may fairly question whether US law and practice in relation to data protection and State security provides for meaningful or effective judicial or legal control."

Schrems said: "We did not prepare for a direct reference to the ECJ, but this is the best outcome we could have wished for. We will now study the judgment in detail and will take the next steps as soon as possible."

Read more on Facebook