Skip to main content

Irish High Court Quashes Irish Data Protection Commission Original Schrems' Decision

The Irish High Court today has ordered the Irish Data Protection Commissioner (DPC) to investigate Facebook's European data privacy practices, bringing Max Schrems' three-year fight full circle.  The Court today quashed the original DPC refusal to examine Schrems' complaint that came back to the High Court after the referral to the European Court of Justice (CJEU).

Ireland's DPC, Helen Dixon, refused to investigate the original Schrems' complaint based on the validity of the US-EU Safe Harbor Framework.   By now, we all know what happened to Safe Harbor when it reached the CJEU.

Today's High Court decision awards Schrems costs for his legal bills and travel expenses and Judge Gerard Hogan commented that "the commissioner is obliged now to investigate the complaint ... and I've absolutely no doubt that she will proceed to do so."

The EU's Article 29 Working Party of EU data protection officials issued a joint statement last week forthrightly expressing its position post-CJEU decision:

Regarding the practical consequences of the CJEU judgment, the Working Party considers that it is clear that transfers from the European Union to the United States can no longer be framed on the basis of the European Commission adequacy decision 2000/520/EC (the so-called “Safe Harbour decision”). In any case, transfers that are still taking place under the Safe Harbour decision after the CJEU judgment are unlawful. 

 

 

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.