Ireland’s Data Protection Commissioner has agreed to look into a complaint filed by an Austrian law student claiming that Facebook has made his personal data available to US intelligent services and doesn’t guarantee a sufficient level of security.
The Data Protection Commissioner has been obliged by Dublin’s High Court to perform a “quick” and “swift” procedure to investigate Facebook’s practices based on a recent ruling issued by the European Court of Justice concerning the Safe Harbor agreement on personal data transfer.
It’s now up to DPC to decide whether Facebook provides an “adequate level of protection” or needs to be barred from allegedly transferring data to the US.
Although the company wanted to take part in the hearing, it was impossible because the DPA had already referred the case to the European Court of Justice.
“Facebook is not and has never been part of any program to give the US government direct access to our servers,” a company spokesperson was quoted as saying by The Inquirer.
“We will respond to enquiries from the Irish Data Protection Commission as they examine the protections for the transfer of personal data under applicable law.”
"The law is clear & the facts are rather clear so theoretically you could make a decision within weeks."@maxschrems pic.twitter.com/pfCts0dWCN
— Conor Barrins (@ConorBarrins) October 20, 2015
Max Schrems had to challenge the commissioner’s initial refusal to investigate complaint, which contended that the “Safe Harbor” agreement was valid.
The case was then referred to the ECJ by Justice Hogan and was returned to the judge on Tuesday.
“The parties are agreed that the commissioner’s decision must be quashed. That’s not in dispute,” said Gerard Hogan, according to The Irish Mirror.
The Safe Harbor data transfer agreement doesn’t comply with the essential European right to privacy, according to the ECJ ruling. Schrems’ complaint came in the wake of the famed whistleblower Edward Snowden’s revelations on mass US surveillance.
“I welcome today’s ruling from Judge Hogan which brings these proceedings to a conclusion. My office will now proceed to investigate the substance of the complaint with all due diligence,” Ireland’s Data Protection Commissioner Helen Dixon said.
With a small office in the town of Portarlinton and staff of fifty people, the Irish Data Protection Commissioner is tasked with dealing with tech giants such as Facebook, Google, Twitter, LinkedIn, Apple, and Microsoft , among others, due to the fact that those companies have data centers in Ireland.