The European Court of Justice has said an agreement that gave US spy chiefs access to the online data of millions of citizens is invalid.
Austrian privacy campaigner Max Schrems challenged the Safe Harbour treaty in his fight to expose what information Facebook gave to American intelligence agencies.
The court found that legislation allowing the authorities access to the content of electronic communications compromised the fundamental right to respect for private life.
Austrian privacy campaigner Max Schrems (pictured) took a case against Facebook in Ireland claiming that their terms of service run contrary to EU law.
The case centres around the ‘Safe Harbour’ treaty which allows personal data to be transferred out of the EU to the US, where is can be monitored by the National Security Agency (NSA).
Simon McGarr, a solicitor who represents Digital Rights Ireland, said the agreement was made before the levels of spying by the NSA were made clear.
“The EU’s decision that Safe Harbour was adequate protection was taken before it became clear that the US government and surveillance systems were actually taking full copies of foreign citizens’ data and sequestering them under the desert in Nevada as part of the NSA’s full-spectrum Prism system,” he said.
The European Court of Justice will issue its final ruling less than a fortnight after its legal officer advised that the agreement was invalid and amounted to “mass, indiscriminate surveillance”.
The ramifications could be immense, Mr Schrems’s Irish lawyer said.
Not only are European Union officials trying to rewrite the agreement but a decision in favour of online privacy could further strain EU-US relations already damaged by the revelations of spy whistleblower Edward Snowden.
The Luxembourg-based court does not have to follow the advice it receives from its Advocate General, the ECJ legal officer, but more often than not it does.
Gerard Rudden, Mr Schrems’s lawyer, said there is also the potential for lawsuits over Safe Harbour.
“If it is held that Safe Harbour is invalid and Facebook have been transferring data, that could open the door to compensation claims,” he said.
Mr Schrems’s legal battle over Safe Harbour was sparked by Mr Snowden’s revelations over the US National Security Agency (NSA)’s Prism surveillance system which allowed spies to access enormous amounts of data from global tech companies.
He initially took a lawsuit in Ireland after failing to secure an investigation into Facebook by the country’s Data Protection Commission, which has the authority to audit the social media giant.
Mr Schrems claimed Ireland’s data watchdog had an onus to uncover what information Facebook held on users and ultimately what was being transferred to the US under Safe Harbour and being accessed through Prism.
The case was taken in Dublin as every Facebook user outside the US and Canada has a contract with Facebook Ireland.
The ECJ judgment will be sent to the High Court in Dublin where the judge will use it as the basis for deciding on Mr Schrems’s legal challenge for Facebook to be audited.
Mr Snowden, a former NSA contractor now in exile in Russia, triggered a wave of controversy when he leaked tens of thousands of documents about surveillance programmes run by the US intelligence services and foreign counterparts, including Britain’s GCHQ, in 2013.
He fled to Hong Kong where he met journalists to co-ordinate a series of articles that exposed mass surveillance programmes such as the NSA’s Prism and GCHQ’s Tempora, which involve “hoovering up” vast volumes of private communications.