The
long-awaited decision in Case C-362/14 Maximillian Schrems v Data Protection
Commissioner was finally issued on 6 October 2015. Controversial in its
findings, this preliminary ruling sheds new light on the ongoing debate
regarding the collection, transfer and processing of EU citizens’ data by US
companies, and the processing of that data by US intelligence agencies within
the framework of the PRISM program.
Background
information
Mr.
Schrems, an Austrian citizen, has been a Facebook user since 2008. In the case
of all users residing in the EU, some or all of the data with which they
provide Facebook is transferred from Facebook’s Irish subsidiary to servers
located in the United States, where it is processed.
Mr. Schrems
lodged a complaint with the Irish supervisory authority (the Data Protection
Commissioner) on the grounds that, in light of the revelations made by Edward
Snowden in 2013 concerning the activities of the United States intelligence
services (in particular, the NSA), the law and practice in force in the United
States did not offer sufficient protection against surveillance by the public
authorities of data transferred to that country. The Irish supervisory
authority rejected the complaint on the basis of the decision of 26 July 2000,
which considered that under the “safe harbour scheme” the United States ensured
an adequate level of protection of the personal data transferred (known as the
Safe Harbour Decision).
Mr. Schrems
then filed an appeal with the High Court of Ireland, which considered that the
issue prompting his action was closely related to EU law since, according to
that High Court, the Safe Harbour Decision did not comply with the principles
set forth in the judgments in C-293/12 and C-594/12, EU:C:2014:238.
Preliminary
questions submitted to the CJEU
On 17 July
2014, the High Court of Ireland, before which the case had been brought,
submitted the following questions to the Court of Justice for a preliminary
ruling:
(1) Whether in the course of determining a
complaint which has been made to an independent office holder who has been
vested by statute with the functions of administering and enforcing data
protection legislation that personal data is being transferred to another third
country (in this case, the United States of America) the laws and practices of
which, it is claimed, do not contain adequate protections for the data subject,
that office holder is absolutely bound by the Community finding to the contrary
contained in [Decision 2000/520] having regard to Article 7, Article 8 and
Article 47 of [the Charter], the provisions of Article 25(6) of Directive
[95/46] notwithstanding?
(2) Or, alternatively, may and/or must the office
holder conduct his or her own investigation of the matter in the light of
factual developments in the meantime since that Commission decision was first
published?
The
Advocate General’s Opinion of 23 September 2015
According
to the Opinion of the Advocate General (Yves Bot), a company, by merely having
a Safe Harbour certification, would not automatically comply with the European
data directive on export requirements.
This
argument had already been made in Communication COM(2013) 846 and Communication COM(2013) 847.
As was to
be expected, the CJEU followed the arguments put forward by the Advocate
General.
The CJEU
ruled that the Safe Harbour Decision was invalid, and that the Irish
supervisory authority should have examined Mr. Schrems’ complaint
comprehensively and with all due diligence in order to determine whether the
transfer of data by Facebook’s European subsidiary to Facebook’s US servers was
in conformity with data protection principles and with the protection of EU
citizens’ fundamental rights, considering that there was evidence to suggest
that the practices carried out in the US did not grant an appropriate level of
protection to Mr. Schrems’ personal data.
This
judgment shatters the Safe Harbour system that was in place and is being
considered by scholars and the media as a shocking move in the protection of EU
citizens’ data.
On 1
October 2015, Mr. Schrems himself was unable to foresee the result and impact
of his quest.
https://twitter.com/maxschrems/status/649610979567894528
The
aftermath. Potential consequences.
This
decision, just like last year’s decision in C-131/12 Google Spain v AEPD and
Mario Costeja González (for a comment in this blog, here), has caused a global tsunami in the data protection and
IT sectors.
It is now
for the EU Member States, in particular to their Data Protection Agencies, to
decide on Safe Harbour within their respective jurisdictions, and even forbid
it within their borders.
Considering
that the High Court of Ireland was the court which had brought this question to
the CJEU’s attention, it will likely be the first judicial body to decide
whether US companies should: (a) compile and process all EU citizens’ data
within the EU; or (b) undertake to grant real protection to EU citizens’ data,
avoiding any disturbance or interference from US intelligence agencies.
It must
nevertheless be highlighted that the conclusions drawn by the CJEU on Safe
Harbour would also apply to companies operating under a BCR (Binding Corporate
Rules) or Model Contracts scheme.
On another
note, Article 26 of Directive 95/46 lays down the exceptions on which US
companies may wish to rely (namely, consent of data subjects, the need to
transfer the data in order to perform a contract with the data subjects, etc.).
In view of
the above, this CJEU decision is a call for foreign companies dealing with EU
citizens’ data to protect that data under acceptable standards as per EU laws.
Visit our website: http://www.elzaburu.es/en
Visit our website: http://www.elzaburu.es/en
google 880
ReplyDeletegoogle 881
google 882
google 883
google 884
google 885
Wonderful article, thank you for sharing the info. It isn’t too often that you simply read articles where the poster understands what they’re blogging about.
ReplyDelete사설토토
카지노사이트
파워볼
온라인카지노
To an extraordinary degree beautiful and enthralling post. I was chasing down this sort of data and recognized inspecting this one. Continue posting. Grateful for sharing.
ReplyDelete사설토토
온라인바카라
파워볼사이트
바카라사이트
Hello, I'm happy to see some great articles on your site. Would you like to come to my site later? My site also has posts, comments and communities similar to yours. Please visit and take a look keonhacai
ReplyDeleteAwesome and interesting article. Great things you've always shared with us. Thanks. Just continue composing this kind of post.
ReplyDelete고스톱
This is by far the best post I've seen recently. This article, which has been devoted to your efforts, has helped me to complete my task.
ReplyDeleteAppreciating the persistence you put into your blog and detailed information you provide.
I really love the theme/design of your website.
스포츠토토
It is in reality a nice and useful piece of info. I am glad that you simply shared this useful info with us.
ReplyDelete온라인카지노
I am thankful for the article post. Looking forward to visit more. 카지노사이트
ReplyDeleteReally great article. I'm glad to read the article. It is very informative for us, thanks for posting. 카지노사이트
ReplyDeleteSailing is a timeless art and recreation that combines skill, nature, and adventure. It's the mastery of harnessing the wind's power to propel a vessel across water, a dance of wind and water. Sailors rely on their knowledge of the elements, navigation, and the intricacies of rigging to navigate the open sea or serene lakes. Whether racing competitively or leisurely cruising, sailing inspires a deep appreciation for the world's waterways and the thrill of exploration. Traffic Lawyer Warren VA
ReplyDeleteOur Fairfax Criminal Lawyer combines legal expertise with a steadfast dedication to protecting clients' rights and interests, all while having a thorough understanding of the nuances of Virginia's legal system. In the ever-changing field of criminal law, where every case is different, our champion takes great pride in developing tactical and tailored defence strategies. Criminal Defense Lawyer in Fairfax VA
ReplyDeleteNew York State Divorce Lawyers offer expert legal guidance on divorce proceedings, including child custody, asset division, and spousal support, ensuring clients navigate the process efficiently and achieve fair resolutions.
ReplyDeleteSailing is a timeless activity that combines adventure, skill, and a deep connection with nature. It involves navigating bodies of water using the wind as the primary source of propulsion, relying on harnessing natural forces to move gracefully across oceans, lakes, or rivers. At its core, sailing is a sport that demands both technical expertise and a profound understanding of weather patterns and water conditions. Abogado conducción imprudente Chesterfield VA
ReplyDeleteThe case exposed key legal principles, particularly the Safe Harbor Agreement and Privacy Shield, emphasizing the need for robust protections against governmental monitoring in line with EU Charter of Fundamental Rights. keeping a bawdy house virginia For specialized guidance and resources in this area, speak with an experienced lawyer. You are also welcome to ask any questions you may have.
ReplyDeleteThe "No Safe Harbour" case, a landmark EU case, invalidated the "Safe Harbour" framework, allowing data transfers between EU and U.S., arguing U.S. surveillance practices didn't adequately protect European citizens' privacy Violencia Doméstica Registro Nueva Jersey.
ReplyDeleteNo Safe Harbour: Sailing in the tempest (Case Maximillian Schrems v Data Protection Commissioner) navigates through legal waters much like mastering the challenges of slope unblocked.
ReplyDeleteA landmark case that redefines New York Divorce Residency Requirements||New Jersey Domestic Violence Lawyer privacy and data protection in the digital age. 🌟✨ Maximillian Schrems leads a crucial battle for our rights in a connected world.
ReplyDelete