The challenge of navigating twenty or more different
sets of national data protection rules was recently
highlighted by MEP Timothy Kirkhope of the European
Conservatives and Reformists Group (ECR) who said:
The result of this ruling could be a patchwork of
different regimes across Europe and different
interpretations of how data should be stored and used.
Court rulings often leave fragmentation in their wake
which could be more damaging for businesses and
consumers in the long run.
For US companies - or European companies transferring
data to the US - trying to avoid that headache, the only
other option that looks viable right now is the creation
of data centres based within Europe which would allow EU
data to stay within the Union rather than be transferred
to the US. Or worse - some countries could even follow
Russia's lead in deciding that their citizens' data must
remain within their own borders. The ruling comes after
law student and privacy advocate Max Schrems brought a
case against Facebook, saying his privacy had been
violated by the NSA's mass surveillance programs.
Though he is Austrian, Schrems brought the case in
Ireland as the social network has its European
headquarters in Dublin.
The country's then Data Protection Commissioner, Billy
Hawkes, rejected the case, saying Schrems couldn't
possibly know whether his own data had been spied on by
the PRISM program. He pointed to an EU Executive
Commission decision made in 2000 that stated that the US
offered adequate data protection under the Safe Harbor
agreement.
In a subsequent case, however, Schrems successfully
argued before High Court Justice Gerard Hogan, who ruled
that he could pursue his case further as the NSA's aims
and methods were not compatible with the Irish
constitution, irrespective of whose data the agency may
or may not have been spying upon. Justice Hogan
escalated the case to the European Court of Justice.
And so, today the ECJ made its decision, electing to
overturn the Irish Data Protection Commissioner's
ruling, saying that the Commissioner must now examine
Schrems' complaint "with all due diligence."
Once it has concluded its investigation, the authority
must, according to a summary of the ECJ ruling:
Decide whether, pursuant to the directive, transfer of
the data of Facebook's European subscribers to the
United States should be suspended on the ground that
that country does not afford an adequate level of
protection of personal data.
The ruling of the ECJ is final and cannot be appealed,
though groups such as the ECR are hopeful that the EU
and US can now work together to "find a [political]
solution" that will be clear and consistent across all
member states.
Speaking after the case, a jubilant Schrems said:
I very much welcome the judgement of the Court, which
will hopefully be a milestone when it comes to online
privacy. This judgement draws a clear line.
He did, however, point out that the judgement only
applied to a limited set of situations, namely the
transfer of EU data to US providers. This, he said,
meant the typical consumer would not see any changes in
their daily lives but they would be free from the
possibility of mass surveillance.
Despite today's massive success, Schrems is likely to be
back in court again in the near future as his Europe vs
Facebook group continues to pursue a class action
lawsuit brought against the social network for alleged
privacy violations across the Union.
Source:::::
Naked Security, dated 06/10/2015.........