Today the European Court of Justice will begin deliberations on a lawsuit brought against Facebook by Austrian privacy activist Max Schrems over the use of so-called ‘Safe Harbor’ to manage EU citizen data.
The case will be pivotal because it will define the course of how companies like Facebook, Google, Apple and others that have major operations in Ireland and across Europe manage customer data.
At the heart of the case taken by Schrems is the so-called ‘Safe Harbor’ process for US companies to comply with the EU Directive for the Protection of Personal Data.
Schrems alleges that any personal data processed by Facebook is unprotected once it is transferred to the US.
Schrems took a case against Facebook’s operations in Ireland on the matter and was referred by the High Court to the European Court of Justice.
His actions predate the Edward Snowden revelations that US intelligence agencies like the NSA were snooping on EU citizen data using technologies like PRISM.
Speaking with Siliconrepublic.com in January, Schrems said he became aware of the attitude US companies had to European privacy matters while he was a student in America.
“We usually pride ourselves on the privacy laws in Europe and point fingers at the US for not having them and being the bad ass spying people, but the reality is we were not enforcing these laws. It is really interesting that every parking violation is enforced but if you just suck up the data of millions of people the worst thing that can happen in Ireland is you get an enforcement notice, which is a piece of paper saying don’t do it again.”
Choosing Facebook out of any number of companies he could have pursued, Schrems forced the Data Protection Commissioner of Ireland into conducting a global audit of Facebook’s handling of personal data.
He began the case when he was 24, he is now 27.
Schrems described the audit of Facebook’s privacy procedures as superficial and vague and said there were procedural issues that caused him concern.
“The lesson learned was that from the point of view of companies you have a safe haven here when it comes to privacy and that is something that is seriously criticised outside of Ireland.”