Maximillian Schrems, the Austrian who challenged Facebook over privacy issues (and by extension, the mass surveillance unveiled by Snowden’s documents), said that the U.S. government now wants to join as an “amicus curiae” in the case, possibly to make the case that its surveillance programs have been misinterpreted.
Schrems challenged Facebook in Ireland, because like many other American companies, it has its European Union (EU) headquarters there, which means it needs to abide by EU regulations, including the Data Protection regulation and the EU Charter of Fundamental Rights.
Facebook was collecting data and transferring it to its U.S. servers under the Safe Harbor agreement, which, in theory, made this sort of transfer legal. However, the case reached the Court of Justice of the European Union (CJEU), the highest court in the EU. This court then ruled that such transfers of data are illegal, and the Safe Harbor agreement is invalid, because U.S. laws don’t provide “essentially equivalent” privacy protections to the ones that exist in the EU.
Scrambling to accommodate American companies, the European Commission rushed a new “Privacy Shield” agreement as a successor to the Safe Harbor agreement. The new agreement is supposed to solve all the legal issues that the previous agreement may have had.
However, there are quite a few, yet unchallenged, issues that the Privacy Shield agreement may have, such as allowing the U.S. Department of Commerce to be in charge of evaluating if American companies respect the privacy laws of the European Union.
Because U.S. privacy laws have remained largely unchanged since the CJEU banned the Safe Harbor agreement, it could also mean that the new Privacy Shield doesn’t respect the CJEU’s main requirement that the privacy protections need to be essentially equivalent (or better) for such transfers of data to the U.S. to be legal. Until that happens, no such agreement may be truly legal, although each one would probably have to be challenged in court before that is a well established fact.
The U.S. government may now want to join in this case because it may fear that the Privacy Shield agreement could risk such court challenges in the near future. Therefore, the U.S. government may want to convince the court that its surveillance programs aren’t as bad as it thinks they are.
Schrems believes that this is actually a good opportunity for privacy advocates, because the U.S. party giving evidence in court about U.S. surveillance would be under oath and could face “severe consequences” if they don’t answer truthfully, according to Schrems.
“This may be a unique opportunity for us. I therefore very much welcome that the U.S. government will get involved in this case. This is a huge chance to finally get solid answers in a public procedure,” said Maximillian Schrems in an official statement.“I am very much looking forward to raise [sic] all the uncomfortable questions on U.S. surveillance programs in this procedure. It will be very interesting how the US government will react to the clear evidence already before the court,” he added.
The American Chamber of Commerce, Business Software Alliance, and the Irish Business and Employers Confederation also asked to join the procedure, as the members of these organizations use the same legal basis as Facebook to transfer EU citizens’ data to the U.S.
Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu.