The European Court of Justice has been asked to consider whether Facebook's Dublin-based subsidiary can legally transfer users' personal data to its U.S. parent, after Ireland's top court said Tuesday that there are "well-founded concerns" the practice violates European law.
In a case brought after former U.S. defense contractor Edward Snowden revealed the extent of electronic surveillance by American security agencies, the Irish court found that Facebook's transfers may compromise the data of European citizens.
The case has far-reaching implications for social media companies and others who move large amounts of data via the internet. Facebook's European subsidiary regularly does so.
Ireland's data commissioner had already issued a preliminary decision that such transfers may be illegal because agreements between Facebook and its Irish subsidiary don't adequately protect the privacy of European citizens. The Irish High Court is referring the case to the European Court of Justice because the data sharing agreements had been approved by the European Union's executive Commission.
Ireland's data commissioner "has raised well-founded concerns that there is an absence of an effective remedy in U.S. law . for an EU citizen whose data are transferred to the U.S. where they may be at risk of being accessed and processed by U.S. state agencies for national security purposes in a manner incompatible" with the EU's Charter of Fundamental Rights, the Irish High Court said Tuesday.
Austrian privacy campaigner Maximillian Schrems, who has a Facebook account, had challenged this practice through the Irish courts because of concerns that his data was being illegally accessed by U.S security agencies.