DPC will finally investigate three-year-old Schrems complaint

20 Oct 2015

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Three years after the initial complaint, it looks like Max Schrems will finally get his wish and have the Irish Data Protection Commissioner (DPC) look into how his personal data was handled by Facebook.

Following on from the landmark European Court of Justice ruling earlier this month that saw Safe Harbour all but torn apart, the Irish High Court today said it was clear the DPC’s decision not to investigate Schrems’ original complaint should be quashed.

The Irish DPC said it is now happy to proceed with a full investigation, with Helen Dixon saying: “I welcome today’s ruling from Judge Hogan which brings these proceedings to a conclusion.

“My office will now proceed to investigate the substance of the complaint with all due diligence.”

Safe Harbour, for those unaware, is a system that allows for registered companies to send data from within the EU to a country outside its borders.

In business it is seen as a valuable tool to allow for the fast, timely transfer of information that would otherwise prove laborious.

In data protection it’s seen as a huge problem, potentially allowing for wide-scale surveillance on the part of the US of EU citizens with no avenue for redress.

The Irish DPC, Billy Hawkes at the time, argued it could not investigate the transfer of user data through Facebook’s Irish facilities and then on to the US, as it fell under the Safe Harbour remit.

Once the ECJ ruled against this, that decision was always going to crumble. Now, finally, Schrems gets his wish.

Facebook, for its part, has always denied that its handling of data brings EU citizens’ private information into the reach of US surveillance bodies.

“Facebook is not and has never been part of any programme to give the US government direct access to our servers,” said a Facebook spokesperson today.

“We will respond to enquiries from the Irish Data Protection Commission as they examine the protections for the transfer of personal data under applicable law.”

Updated 2.10pm, 20 October: This article was updated to include comments from Facebook

Main image via Shutterstock

Gordon Hunt is senior communications and context executive at NDRC. He previously worked as a journalist with Silicon Republic.

editorial@siliconrepublic.com