Printed from BusinessInsurance.com

Irish court orders investigation of Facebook data transfers to U.S.

Posted On: Oct. 20, 2015 12:00 AM CST

(Reuters) — Ireland's High Court on Tuesday ordered an investigation into Facebook Inc.'s transfer of European Union users' data to the United States to make sure personal privacy was properly protected.

The court told the Irish Data Protection Commissioner to investigate following a landmark ruling by the European Court of Justice two weeks ago that struck down the safe harbor agreement that had allowed the free transfer of data between the European Union and the United States.

Both the ECJ decision and Tuesday's ruling were the result of a challenge by Austrian law student Max Schrems, lodged after revelations in 2013 of the U.S. government's Prism program, which allowed authorities to harvest private information directly from big tech firms like Facebook and Google Inc.

The initial challenge was made in Ireland because Facebook has its European headquarters in Dublin and is regulated by the Irish Data Protection Commissioner. Tuesday's ruling overturns the commissioner's initial refusal to investigate.

"My client will now investigate the matter … with all appropriate diligence," Paul Anthony McDermott, lawyer for the Irish Data Protection Commissioner (DPC) told the High Court in Dublin. The judge awarded costs to Schrems.

Facebook will "constructively engage" with any investigation, its barrister Rossa Fanning told the court.

The ECJ ruling has thousands of U.S. and European companies mired in legal uncertainty over the transfer of personal data from Europe to the United States. That includes payroll and human resources information as well as data used for online advertising, which is of particular importance to tech firms.

Under E.U. data protection law, companies cannot transfer E.U. citizens' personal data to countries outside the bloc deemed to have insufficient privacy safeguards.

Facebook has repeatedly denied providing the U.S. National Security Agency with "backdoor" access to its servers, and says its data transfer processes have already been audited by the Irish Data Protection Commissioner.