European privacy campaigner Max Schrems’ legal challenge to Facebook has already been credited with the demise of a fifteen-year-old data transfer arrangement between the region and the U.S. last year, causing huge uncertainty for transatlantic data flows after Safe Harbor was suddenly struck down. But Schrems’ legal powder is far from spent.
Today’s interesting development in the saga is that the U.S. Government has asked the Irish Court to be joined as an amicus in the case — likely, reckons Schrems, in order to defend U.S. surveillance laws before the court, given it is those laws that have been found to be in conflict with Europeans’ fundamental rights, causing all this trouble in the first place.
In Schrems’ original 2013 legal challenge, which resulted in Safe Harbor being struck down last fall, he argued that U.S. Government mass surveillance programs, which NSA whistleblower Edward Snowden revealed to be mining data from consumer web services such as Facebook, invalidated the long-standing EU-US data flow deal by contravening European data protection laws. Europe’s top court, the CJEU, agreed.
After the CJEU decision Schrems filed new complaints relating to Facebook and the NSA’s Prism data collection program (the one apparently looping in data from consumer services such as Facebook), including with the Irish DPA — which last month said it would be referring the matter to the Irish High Court. And it’s here the U.S. Government wants to step in as an amicus curiae — petitioning the court to be able to offer its view on the matter. Schrems says the move underlines the significance of the case to the U.S. Government.
Attempts to replace Safe Harbor with a so-called EU-US ‘Privacy Shield’ are ongoing but have been roundly criticized as containing the same fundamental flaws that scuppered Safe Harbor. Schrems has argued there’s nothing to prevent another legal challenge to the Privacy Shield on the same mass surveillance grounds that holed Safe Harbor. The influential heads of European Member States’ data protection agencies, the Article 29 Working group, also remain unhappy with the current draft of the agreement.
In the meantime the more than 4,000 companies which were using Safe Harbor to govern their transatlantic data flows have had to fall back on alternative mechanisms. But there’s no firm legal footing here either; Schrems’ latest legal challenge has thrown doubt on the legality of one of these methods — so-called “model contract clauses”. It’s the legality of these contracts the Irish High Court will be considering, even as the U.S. Government aims to chip in with its two cents on U.S. surveillance law.
The U.S. Government has previously made public statements denying it engages in mass surveillance — arguing instead that European courts have misinterpreted its intelligence practices. However if it is allowed to become an amicus curiae it will have to make such assertions under oath — something Schrems views as an opportunity, noting that whoever gives evidence on behalf of the U.S. Government could face severe consequences if they do not respond truthfully to questions in court.
“This may be a unique opportunity for us. I therefore very much welcome that the US government will get involved in this case,” he writes in a statement on the development. “This is a huge chance to finally get solid answers in a public procedure. I am very much looking forward to raise all the uncomfortable questions on US surveillance programs in this procedure. It will be very interesting how the US government will react to the clear evidence already before the court.”
So this is certainly lining up to be a * gets popcorn * moment — assuming the US government does end up getting a grilling from Schrems’ lawyers…
Other entities applying to join the procedure include the American Chamber of Commerce, the Business Software Alliance and the Irish Business and Employers Confederation, according to Schrems’ Europe vs Facebook campaign group.
The first preparatory hearing for the case took place today in Dublin.