Privacy security

EU Judges US Surveillance Law

The Irish High Court is considering a potential landmark case on the legality of transferring personal data from the European Union to the United States. A large portion of E.U. data transfers operates under “Standard Contract Clauses” (SCCs), boilerplate language widely adopted in written agreements. A central issue in Schrems v. Facebook is whether U.S. surveillance, when conducted within the U.S., is so pervasive that data transferred to the U.S. via SCCs lack “adequate” protection of privacy.

In an earlier case brought by Max Schrems against Facebook, the Court of Justice for the European Union (CJEU) struck down the E.U./U.S. Safe Harbor Agreement as a legal basis for transferring data between the E.U. and the U.S. In the current case, Schrems once again filed a complaint to the Irish Data Protection Commissioner, asking whether there are adequate U.S. safeguards against surveillance under SCCs. The Irish Data Protection Commissioner referred the case to the High Court, determining Mr. Schrems’s allegation to be “well founded.” Once the High Court issues its ruling, the current case may proceed to the CJEU.