Facebook Inc on Monday requested the chance to voice its opinion in a legal challenge mounted by an Austrian law student against the Irish privacy regulator for refusing to investigate the US company’s transfers of data to the United States.
Major US tech companies such as Microsoft Corp and Apple Inc as well as Facebook came under fire after revelations in 2013 of the US government’s Prism programme, which allowed US authorities to harvest private information directly from those companies.
Austrian law student Max Schrems challenged Facebook’s transfers of European users’ data to its American servers, because of the risk of US snooping in light of disclosures by former US National Security Agency contractor Edward Snowden.
Schrems filed his complaint with the Irish Data Protection Commissioner (DPC) because Facebook has its European headquarters in Ireland.
“We will request an opportunity to join the proceedings in the Irish High Court where the Irish DPC’s investigation is to be discussed,” said a spokeswoman for Facebook.
An Irish High Court judge referred Schrems’ complaint to the European Union’s highest court, asking if national authorities could suspend data transfers if they concluded that privacy safeguards in the destination country were not sufficient.
The European Court of Justice (ECJ) responded two weeks ago, delivering a landmark ruling that declared invalid a system used by thousands of US and European companies to transfer personal data to the United States, because of insufficient privacy protection there.
Under EU data protection law, companies cannot transfer EU citizens’ personal data to countries outside the bloc deemed to have insufficient privacy safeguards, of which the United States is one.
The Irish High Court now has to decide how to proceed with Schrems’ complaint against the Irish watchdog, having been told by the ECJ that national authorities have the power to investigate and suspend data transfers to countries outside the EU. Court proceedings resume on Tuesday.
“We believe it is critical that we join the proceedings so that we can provide accurate information about our procedures and processes, as well as to correct inaccuracies that already exist,” the Facebook spokeswoman said.
Facebook has repeatedly denied providing the NSA with “backdoor” access to its servers, and says its data transfer processes have already been audited by the Irish DPC.
Without the Safe Harbour framework struck down by the ECJ, companies have to use more costly and time-consuming legal channels to transfer personal data to the United States.