Recently, the Irish High Court referred a Privacy Shield, in which Facebook is involved, to the Court of Justice of the European Union. Facebook tried to block the case from reaching the CJEU, but the High Court denied Facebook’s request. The court also accused Facebook of using stalling tactics to attempt to make its violations moot, once the GDPR passes.
Facebook Defends Mass Surveillance
Like the Safe Harbor before it, the Privacy Shield agreement between the European Union (EU) and the U.S. has also been sent for review to the CJEU. The Irish Data Protection Commissioner (DPC) believes that the Privacy Shield agreement may be inadequate in protecting EU citizens’ privacy rights.
American laws continue to allow the U.S. government to collect and search everyone’s data in bulk, including the data of foreigners. The recent FISA extension law even allows civil law enforcement agencies to scour through all the data passing through internet cables in the United States, without a warrant. Therefore, there seems to be a large chasm between what data protection is required for EU citizens by EU laws and what the U.S. laws allow its agencies to do with that data.
Instead of agreeing that U.S. laws don’t offer many protections for EU citizens’ data, Facebook defended the mass surveillance operations of the U.S. government as necessary for “national security” reasons.
Facebook Stalls Privacy Shield Lawsuit
After the Irish High Court denied Facebook’s decision to “stay” the reference to the CJEU, Facebook said that it would appeal the ruling to the Irish Supreme Court.
The High Court said that Facebook cannot rely on Irish national law to avoid a reference to the Supreme Court. Therefore, the issue cannot be appealed, as the High Court has the ability to reference cases to the CJEU at will.
Facebook also said that if the Supreme Court will not hear an appeal, then it will appeal the Irish Court of Appeals. The High Court then concluded that Facebook is purposefully trying to stall the reference to the CJEU, in order for the General Data Protection Regulation (GDPR) to go into effect and make the judgement on previous EU privacy laws moot.
Although this may be Facebook’s plan, it’s unlikely to work. The Privacy Shield agreement and the GDPR regulate different aspects of EU privacy law. Additionally, just because the GDPR goes into effect doesn’t necessarily mean the issue of U.S. mass surveillance of EU citizens’ data would be resolved--it can’t be, until U.S. laws change to accommodate the privacy protections required by the Charter of Fundamental Rights for EU citizens.