The Irish Data Protection Commissioner (DPC) has questioned an avenue whereby companies transfer information from Ireland to the US, with data handling under the spotlight once again.
The Irish DPC Helen Dixon has now, after quite the ordeal, questioned “model contract clauses”, which some companies operating in Ireland utilise to transfer information to the US.
With Facebook, Google, Twitter, Apple, Microsoft and many more major tech companies operating in Ireland, Dixon’s decisions have real impact on the top end of the industry.
Dixon is passing her concerns on to the High Court, and the European Court of Justice (ECJ), adding more headaches for companies still clinging onto older practices in the wake of last year’s Safe Harbour ruling.
Irish DPC planing to bring #ModelContracts before #CJEU:
Media Update: https://t.co/iB5zZeHlZ8#EUdataP #SafeHarbor #PrivacyShield #PRISM
— Max Schrems (@maxschrems) May 25, 2016
Updates to come
“We continue to thoroughly and diligently investigate Mr Schrems’ complaint to ensure the adequate protection of personal data,” read a statement from the Irish DPC. “We will update all relevant parties as our investigation continues.”
Last October, Safe Harbour’s already flimsy legitimacy was finally torn apart, with an ECJ decision ordering the Irish DPC to address Austrian activist Max Schrems’ concerns.
Schrems had for years been arguing that the way his personal data on Facebook was transferred throughout Europe to Ireland, where the company’s EMEA HQ rests, then on to the US, was not acceptable.
With the NSA revelations in the wake of Edward Snowden’s leaks, nobody could truly say Schrems was anything other than right.
It took years for the case to work its way up through the Irish courts, before being passed on to the ECJ for the landmark ruling.
Almost immediately afterwards, Schrems openly called out the Irish DPC (and those of Belgium and Germany), saying they must act, and that his actions may still go beyond “a mere appeal or judicial review”.
Following the ruling, many companies turned to “model contract clauses” to allow them to transfer personal data outside the EU.
Should the ECJ again rule against the ease of such transfers, which doesn’t sound unrealistic, it would be another obstacle for companies sending anything from payments to images transatlantic.
US/EU image via Shutterstock