Ireland's High Court on Tuesday ordered an investigation into Facebook's transfer of European Union users' data to the United States to make sure personal privacy was properly protected from U.S. government surveillance.
Irish court orders investigation of data transfers to U.S.
Facebook said in a statement it had never been part of a programme to give the U.S. government direct access to its servers
The court told the Irish Data Protection Commissioner to launch a probe following a landmark ruling by the European Court of Justice (ECJ) two weeks ago which struck down the Safe Harbour agreement that had allowed the free transfer of data between the European Union and the United States.
Both the ECJ decision and Tuesday's ruling were the result of a challenge by Austrian law student Max Schrems, lodged after revelations in 2013 of the U.S. government's Prism programme, which allowed authorities to harvest private information directly from big tech firms such as Facebook and Google.
The initial challenge was made in Ireland because Facebook has its European headquarters in Dublin and is regulated by the Irish Data Protection Commissioner. Tuesday's ruling overturns the commissioner's initial refusal to investigate on the grounds that it did not have jurisdiction over Safe Harbour.
The data commissioner's office said in a statement it would now "proceed to investigate the substance of the complaint with all due diligence."
Facebook said in a statement it had never been part of a programme to give the U.S. government direct access to its servers and said it would respond to enquiries by the Irish Data Protection Commissioner.
The ECJ ruling has thousands of U.S. and European companies mired in legal uncertainty over the transfer of personal data from Europe to the United States. That includes payroll and human resources information as well as data used for online advertising, which is of particular importance to tech firms.
Under EU data protection law, companies cannot transfer EU citizens' personal data to countries outside the bloc deemed to have insufficient privacy safeguards.
Schrems, who live-tweeted the ruling from the court room, told journalists he did not expect his initial complaint against the Irish regulator to have such far reaching consequences.
"You think there is this problem, so let's poke and see what is happening and it's good if things get poked up all the way and solved in the end," he said.
"The big question is whether the Irish (data protection commissioner) is now doing its job," Schrems said. "Theoretically you could make a decision within weeks ... but I think we will see a long an deep investigation."
JOIN OUR PULSE COMMUNITY!
Eyewitness? Submit your stories now via social or: