Earlier this week, the European Court of Justice began hearing an Irish case referred by the Irish High Court, which could have massive implications for international business and should not be underestimated.
The case is Europe V Facebook. It originated when Max Schrems, an Austrian law student brought a class action suit against the Irish Data Protection Commissioner, in which he asserted that the commission should have taken more substantial action when he filed a complaint against Facebook for how they handled his data.
Schrems argued that his personal information was not dealt with or protected to a satisfactory level in accordance with European legislation. Considering that Facebook had been identified as a company who was handing over user data to the US National Security Agency through the Prism programme.
Court proceedings this week have seen the admission from the EU Commission that it’s assurances on EU/US deal on data transfer were false, the Irish Data Protection Commission say they would welcome guidance, criticism from Schrems of Safe Harbour and the idea that the solution to Facebook not using your data was to simply delete your account.
Safe Harbour has been exposed for what it truly is, a relic. This is not exactly a shocking development as this has been the general consensus for some time, but for it to be recognised by the European Court of Justice spreads hope to those involved with this case, and those who may have fallen victim to improper use of their personal data.
This was officially brought to light when under cross examination ECJ judges the European Commission council admitted they could not guarantee the right to privacy for EU data exported to the US under Safe Harbour, an admission that could spell an abrupt end to what for the past 15 years has been an empty promise of trust.
Currently Schrems case looks to be getting the recognition and friction he has chased since he first decided to take action in 2012. The ruling, which is expected to be made in June of this year could see a major change in the data sharing agreement between the EU and the US, a change that could prove to be a major point of adjustment for technology companies in Ireland.
The Europe v Facebook case is huge in terms of data protection breaches and has been dubbed as a David and Goliath battle of data protection, however, there are dozens of data protection issues in Ireland every day.
Irish companies are still in the adjustment period, with many not fully knowing what the current legislation is despite a huge effort being made. The Association of Data Protection Officers in Ireland are working towards training Irish companies and employees to a standard that will minimise breeches, both small and large scale.
With Data Protection Practitioner courses now available nationwide, the DPO are confident that Irish companies are on the right track towards Data Protection competency.
There is two courses running in April, one in Dublin on April 8th and a second in Galway on April 14th. If you would like any information on these courses please visit www.dpo.ie or to register you place click here for Dublin or Galway or contact firstname.lastname@example.org
If you would like to view the presentation Max Schrems delivered as keynote of the 2015 Data Protection conference, please click HERE