DUBLIN (Reuters) – Ireland’s High Court on Tuesday said it would ask the EU’s top court to decide whether to ban the way in which Internet firms such as Facebook (FB.O) transfer users’ data to the United States in a case with major implications for companies.
The case is the latest to question whether methods used by large tech firms such as Google (GOOGL.O) and Apple (AAPL.O) to transfer data outside the 28-nation European Union give EU consumers sufficient protection from U.S. surveillance.
Data privacy is under the spotlight after revelations in 2013 by former U.S. intelligence contractor Edward Snowden of mass U.S. surveillance caused political outrage in Europe.
Irish High Court Judge Caroline Costello said she had decided to ask the European Court of Justice for a preliminary ruling in the case.
“European Union law guarantees a high level of protection to EU citizens … they are entitled to an equivalent high level of protection when their data is transferred outside of the European Economic Area,” she said.
The Irish Data Protection Commissioner’s office initially became involved after Austrian law student and privacy activist Max Schrems made a complaint in Dublin about Facebook’s handling of his data in the United States.
The judge said the Irish Data Protection Commissioner “has raised well-founded concerns that there is an absence of an effective remedy in U.S. law compatible with the requirements of Article 47 of the Charter (of Fundamental Rights).”
She said that a newly created U.S. ombudsperson dealing with Europeans’ complaints about U.S. surveillance did not eliminate those concerns.
Costello also said she was not delivering any value judgment on the data protection laws in the EU or United States.
A Facebook spokeswoman said it was essential the EU court “considers the extensive evidence demonstrating the robust protections in place under Standard Contractual Clauses (SCCs) and U.S. law, before it makes any decision that may endanger the transfer of data across the Atlantic and around the globe.”
The company has previously said the case could lead to a breakdown in transatlantic data transfers that could knock EU economic output by up to 1.3 percent.
A ruling by the European Court of Justice (ECJ) against the common legal arrangements used by thousands of firms to transfer personal data outside the EU could cause major headaches for companies. Millions of these transfers happen every day and include credit card transactions, hotel bookings or moving employee data between countries.
Schrems, speaking to reporters outside the court, said he hoped the ECJ would force the EU and the United States to finally deal with the gap between what he said were stricter privacy rules enjoyed by Facebook users in Europe compared to those that apply to its servers in California.
“I hope we will get a decision that ends this ping-pong and stops kicking the can down the road,” he said.
Schrems also said he did not expect the legal arrangements – known as standard contractual clauses – to be banned by the EU court.
The Business Software Alliance lobby group, that represents the global software industry, said it hoped the ECJ would focus on how specific SCCs are used rather than whether or not they should be allowed at all, as the clauses can be adapted to provide additional protections.
Law firm Linklaters said that it believed the ECJ was unlikely to halt transatlantic data transfers but that its ruling could lead to additional safeguards that could add to costs.
“This decision will be closely watched by many businesses as it could have significant implications for their ability to transfer personal data internationally,” Richard Cumbley, partner in Linklaters’ technology group, said.
Reporting by Conor Humphries, writing by Julia Fioretti; editing by Robert-Jan Bartunek and Jane Merriman