DRI welcomes landmark data privacy judgement

Digital Rights Ireland welcomes the judgement [PDF, 43kb] from the European Court of Justice (CJEU) which has found that Safe Harbour, a regime allowing the transfer of EU citizens’ private data to the United States, is illegal. DRI was a party to the case (Schrems vs Data Protection Commissioner) and had outlined its concerns over the privacy of EU citizen’s data to the court.

The CJEU ruled that:

  • Safe Harbour’s provisions were not compatible with the fundamental rights of EU citizens
  • The Snowden revelations, which showed that US intelligence agencies had access to the private data of millions of EU citizens, undermined Safe Harbour, EU data standards and the right to privacy
  • US interests meant that authorities there were “bound to disregard” the rules laid down by the Safe Harbour scheme

The ECJ ruling relates to a case which was originally brought in Ireland by an Austrian citizen, Max Schrems, over Dublin-headquartered Facebook’s use of his data. The court also found that Ireland’s data protection commissioner should not have rejected Schrems’ complaint and that they should now examine it.

Simon McGarr, the solicitor who represented DRI in the case, said:

The European Court of Justice (ECJ) has set the standard for the treatment of human rights in a digital world. Fundamental rights of privacy and data protection are not up for negotiation and data about individuals is not a commodity.

Digital Rights Ireland argued that the validity of the Commission’s Safe Harbour Decision had to be examined in the light of the Charter of Fundamental Rights following the Snowden revelations. We welcome the Court taking the same view today.

Today’s ECJ judgment sets the bar of what is legally acceptable if you want to do digital business in the European Union. It will be up to the Irish Data Protection Commissioner to ensure they have the resources to meet the important duty the court has laid upon them in this ruling.”

Additional information on today’s ruling: