The Irish court that wants to refer questions about the admissibility of transferring user data from the EU to the United States to the European Court of Justice has rejected a request from Facebook to postpone this.
A hearing judge of the Irish High Court, Caroline Costello, said in her ruling that her court would act most justly by refusing the request for a postponement so that the referral to the European Court of Justice can take place immediately. According to the judge, potentially millions of EU citizens may already have had their interests significantly harmed by all the delays so far. She therefore wants the European court to be able to rule on the lawfulness of existing data transfers as soon as possible. Costello suggests that Facebook is deliberately trying to slow things down.
The Irish High Court’s refusal likely means the EU Court will consider the case, even as Facebook has indicated that it will continue to try to get Ireland’s highest court, the Supreme Court, to rule on the case. ask whether it is possible to challenge the referral to the Court of Justice. To this end, Facebook submitted a request for a postponement at the end of April.
The Irish High Court has previously formulated a number of questions about the standard contractual clauses, also known as standard contractual clauses. This is an EU-approved tool that allows US companies to transfer data from EU citizens to the US for storage. This is happening on a fairly large scale and if the European court were to draw a line through this, it would be quite a drain for Facebook.
The case was brought by the Irish privacy watchdog DPA, because in Ireland Facebook is headquartered for most markets outside the United States. This specifically concerns the question of whether the model contracts, like the Safe Harbor scheme, form a suitable framework for storing personal data of citizens outside the EU. The EU Court declared Safe Harbor invalid two years ago after a lawsuit brought by Austrian Max Schrems.
The model contracts, as it were, replaced the Safe Harbor arrangement, which has since been replaced by the Privacy Shield. The use of model contracts has partly become redundant due to Privacy Shield, but there are still companies that use them. The present case is about the model contracts and not about Privacy Shield, although a negative opinion about the model contracts can also have consequences for Privacy Shield.
There is quite a lot of criticism of these model contracts, including whether the data of EU citizens in the US is well protected against, for example, the extensive surveillance practices of US intelligence services. There is also doubt as to whether US law offers enough protection for EU citizens once it is established that their privacy has been violated.