The Irish High Court is going to review whether the Irish Data Protection Commissioner's refusal to investigate Facebook's involvement with the U.S. government surveillance program Prism was lawful.
In June, the Austrian student group Europe-v-Facebook filed a complaint with the Irish DPC against Facebook Ireland, which is responsible for the data of the company's users outside the U.S. and Canada. When Facebook collects user data, exports it to the U.S. and by doing this giving the National Security Agency (NSA) the opportunity to use it for massive surveillance of personal information without probable cause, Facebook is violating European privacy laws, according to the group.
The Irish DPC however argued that there were no grounds to start an investigation under the Irish Data Protection Act because "safe harbor" requirements have been met.
Europe-v-Facebook maintained that the Irish privacy regulator should start an investigation and applied for a judicial review of this refusal with the Irish High Court in late August. The High Court decided to start such a review on Monday, according to a court document that was published by Europe-v-Facebook on Thursday.
In Ireland, a judicial review can be used to supervise lower courts, tribunals and other administrative bodies to ensure that they make their decisions properly and in accordance with the law. If such a decision was unconstitutional or illegal the High Court can choose to quash the decision.
If Europe-v-Facebook's complaint is successful, Facebook could eventually "be forced to limit the access of the NSA to Europeans' data or would otherwise need to keep Europeans' data within the E.U.," the group said in a news release.
Europe-v-Facebook filed a similar complaint against Apple in Ireland which was denied on the same grounds. Currently, the group is only pursuing the case against Facebook in Ireland.
While the Irish privacy regulator appears reluctant to investigate Facebook and Apple, other European privacy regulators did start investigations on the basis of similar complaints filed by Europe-v-Facebook and others.
The Luxembourg data protection authority, for instance, is investigating Microsoft-owned Skype for its alleged links to the Prism spying program. It will probably publish its findings before the end of next week, said a spokesman for the authority.
Meanwhile, Yahoo is under investigation by the German Federal Commissioner for Data Protection and Freedom of Information, said Juliane Heinrich, a spokeswoman for the Commissioner, in an email on Tuesday. "Yahoo has submitted a first statement that raised further questions," she said, adding that she could not share Yahoo's statement or give more detailed information during the examination phase. She expects the investigation to be finished in December.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to [email protected]