Apple and Facebook not breaking EU laws by sending data to US – Ireland’s data commissioner

25 Jul 2013

Ireland’s Office of the Data Protection Commissioner has told lobby group Europe Vs Facebook that US companies based in Ireland, such as Apple and Facebook, that are transferring data back to their parent companies are compliant with EU law if they meet certain criteria. The commissioner was responding to queries following the revelations surrounding PRISM.

The commissioner told the lobby group that the Irish Data Protection Acts which transpose the 1995 EU Data Protection Directive permits Irish-based data controllers to contract with third-party data processors.

The lobby group was told that organisations that transfer personal data from Ireland to countries outside the European Economic Area need to ensure that the country in question needs to provide adequate levels of data protection.

In the case of the US, the US ‘Safe Harbor’ arrangement has been approved by the EU Commission.

“In the case of Apple Distribution International (ADI) we note that Apple Inc, USA, acts as a data processor for ADI. We note also that Apple Inc, USA, has a current ‘Safe Harbor’ self-certification entry.”

The commissioner added: “We consider that an Irish-based data controller has met their data protection obligations in relation to the transfer of personal data to the US if the US-based entity is ‘Safe Harbor’ registered. We further consider that the agreed ‘Safe Harbor’ programme envisages and addresses the access to personal data for law enforcement purposes held by a US-based data processor.”

The commissioner pointed out that high-level discussions between the US and EU over the US alleged surveillance programme PRISM are taking place.

Ireland’s Justice Minister Alan Shatter raised the issue in June, during an EU-US meeting on justice and law-enforcement issues.

The issue of striking a balance in a democratic society between protecting personal data and defending against terrorism and serious crimes has received attention in the EU in terms of new data-protection laws, a move which has been welcomed by the commissioner.

Data stream image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years