THE HIGH COURT COMMERCIAL

Similar documents
Oral Speaking Notes of Maximillian Schrems

Adequacy Referential (updated)

THE HIGH COURT. [2016 No P.] BETWEEN DATA PROTECTION COMMISSIONER! AND

ARTICLE 29 DATA PROTECTION WORKING PARTY

EXECUTIVE SUMMARY. 3 P a g e

Privacy and Protection of Personal Data in the EU Transfers of Personal Data to third Countries

Recommendation for a COUNCIL DECISION

PROLAW Student Journal of Rule of Law for Development SECURING US-EU PERSONAL DATA FLOWS: A CRITICAL OUTLOOK ON THE RECENT AGREEMENTS

II. Statement of interest of the Applicants

THE EU S ATTEMPTS AT SETTING A GLOBAL DATA PROTECTION NORM

Opinion 6/2015. A further step towards comprehensive EU data protection

In the present analysis, we cover the most problematic points of the Directive. For our views on the Regulation, please go to our document pool.

AMENDMENTS EN United in diversity EN. European Parliament Draft motion for a resolution Claude Moraes (PE595.

Notes provided by Brendan Van Alsenoy (KU Leuven). Addition by Max Schrems (mainly tweets included). Check against delivery.

Data Protection and privacy case-law Case law update (DPO meeting) 1

Supreme Court of the United States

COMMISSION IMPLEMENTING DECISION. of XXX

PUBLIC LIMITE EN COUNCILOF THEEUROPEANUNION. Brusels,19December2013 (OR.en) 18031/13 LIMITE. InterinstitutionalFile: 2012/0011(COD)

STATUTORY INSTRUMENT 2002 NO THE ELECTRONIC COMMERCE (EC DIRECTIVE) REGULATIONS Statutory Instruments No. 2013

Council of the European Union Brussels, 1 February 2017 (OR. en)

Issues concerning the Court of Justice

Data protection and privacy aspects of cross-border access to electronic evidence

DocuSign Envelope ID: D3C1EE91-4BC9-4BA9-B2CF-C0DE318DB461

OPINION OF THE EUROPOL, EUROJUST, SCHENGEN AND CUSTOMS JOINT SUPERVISORY AUTHORITIES

***I DRAFT REPORT. EN United in diversity EN 2012/0010(COD)

Recent Developments in EU Public Law. Scottish Public Law Group Annual Summer Conference 9 June 2014

Developing a 'toolkit' for assessing the necessity of measures that interfere with fundamental rights Background paper

Case 432/05 Unibet read facts of the case (best reproduced in the conclusions of the Advocate General)

The admissibility of the preliminary ruling proceedings and the rephrasing by the CJEU

THE HIGH COURT RECORD NUMBER 2017/781 P. JOLYON MAUGHAM, STEVEN AGNEW JONATHAN BARTLEY and KEITH TAYLOR -AND- IRELAND and THE ATTORNEY GENERAL

Data Processing Agreement

Association of the Councils of State and Supreme Administrative Jurisdictions of the European Union. Colloquium of Madrid June 2012.

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,

Statewatch Report. Consolidated agreed text of the EU Constitution. Judicial Provisions

FRANCE WHAT IS THE IMPACT OF THE NEW CONTRACT LAW AND THE MACRON ACT ON FRANCHISE AGREEMENTS?

Overview. In the beginning

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

CONVENTION ON CHOICE OF COURT AGREEMENTS. (Concluded 30 June 2005)

EU MIDT DIGITAL TACHOGRAPH

Fundamental rights as general principles of law Eg Case 11/70 [1970] ECR 1125, Internationale Handelsgesellschaft.

Customer Data Annual Privacy Agreement

Secretariat. The European Parliament The members of the Committee on Civil Liberties, Justice and Home Affairs

European Union (Withdrawal) Bill

European Union (Withdrawal) Bill

BILL. Repeal the European Communities Act 1972 and make other provision in connection with the withdrawal of the United Kingdom from the EU.

DATA PROCESSING ADDENDUM

Working document 01/2014 on Draft Ad hoc contractual clauses EU data processor to non-eu sub-processor"

Appendix 1 Data Processing Agreement

Joint Committee on the Draft Investigatory Powers Bill Information Commissioner s submission

agreement on ThE EUroPEaN ECoNoMiC area1 ParT iv CoMPETiTioN and other CoMMoN rules ChaPTEr 1 rules applicable To UNdErTaKiNGs Article 53

29 October 2015 Conference of the Independent Data Protection Authorities of the Federation and the Federal States

Official Journal of the European Union. (Legislative acts) DIRECTIVES

Judgment of 24 November 2010 Ref. No. K 32/09 concerning the Treaty of Lisbon (application submitted by a group of Senators)

Purchasing Terms and Conditions

Data Protection Bill [HL]

OTrack Data Processing Terms

LIBE Committee Inquiry on electronic mass surveillance of EU citizens. Public Hearing, Strasbourg, 7 October 2013 Contribution of Peter Hustinx (EDPS)

FUJITSU Cloud Service K5: Data Protection Addendum

B I L L. wishes to enshrine the entitlement of all to the full range of human rights and fundamental freedoms, safeguarded by the rule of law;

LEGISLATING FOR THE UK'S WITHDRAWAL FROM THE EU

Article 1. Federal Data Protection Act (BDSG)

Special Commission on the Recognition and Enforcement of Foreign Judgments (13-17 November 2017)

Infringement Proceedings & References to the Court of Justice of the EU. Adam Weiss The AIRE Centre

Tribunals must apply EU Law (C 378/17)

PE-CONS 71/1/15 REV 1 EN

Special Commission on the Recognition and Enforcement of Foreign Judgments (24-29 May 2018)

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL. on the second annual review of the functioning of the EU-U.S.

EU Charter of Rights and ECHR: The Right to a Fair Trial. Professor Steve Peers School of Law, University of Essex

MANDATORY RULES and PUBLIC POLICY

European Union (Withdrawal) Bill

B. The transfer of personal information to states with equivalent protection of fundamental rights

REGULATION (EC) No 593/2008 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 17 June on the law applicable to contractual obligations (Rome I)

Judgment rendered in Micula v Romania enforcement proceedings ([2017] EWHC 31 (Comm))

REGULATION OF INVESTIGATORY POWERS (SCOTLAND) BILL

Proposal for a COUNCIL DECISION

European Union (Withdrawal) Bill

Act No. 502 of 23 May 2018

Proposal for a COUNCIL DECISION

Assessing the necessity of measures that limit the fundamental right to the protection of personal data: A Toolkit

Index of the session

UK Withdrawal from the European Union (Legal Continuity) (Scotland) Bill [AS AMENDED AT STAGE 2]

Withdrawal bill amendments

List of topics for papers

EUROPEAN UNION. Brussels, 31 March 2008 (OR. en) 2005/0261 (COD) PE-CONS 3691/07 JUSTCIV 334 CODEC 1401

The Right to Data Protection and the Commissions Adequacy Decision

UK Withdrawal from the European Union (Legal Continuity) (Scotland) Bill [AS PASSED]

What does a hard Brexit mean for banks?

EDPS Opinion on the proposal for a recast of Brussels IIa Regulation

Dr. Hielke Hijmans Special Advisor European Data Protection Supervisor

EU STANDARD CONTRACTUAL CLAUSES (PROCESSORS)

ARTICLE 29 Data Protection Working Party

EN Official Journal of the European Union L 161/ 128. COUNCIL REGULATION (EC) No 866/2004 of

Provisional Record 5 Eighty-eighth Session, Geneva, 2000

LEGAL BASIS OBJECTIVES ACHIEVEMENTS

Intra-EU Investment Treaties and EU Law Inaugural Conference of EFILA

The Transfer of Data Abroad by Private Sector Companies: Data Protection Under the German Federal Data Protection Act

A Modern European Data Protection Framework. Bruno Gencarelli DG JUSTICE and CONSUMERS

Australia's New Requirement for "Fair" Franchise Agreement Terms. Penny Ward Baker & McKenzie Australia

Annex - Summary of GDPR derogations in the Data Protection Bill

16 March Purpose & Introduction

Transcription:

THE HIGH COURT COMMERCIAL [2016 No. 4809 P.] BETWEEN THE DATA PROTECTION COMMISSIONER PLAINTIFF AND FACEBOOK IRELAND LIMITED AND MAXIMILLIAN SCHREMS DEFENDANTS Executive Summary of the Judgment 3 rd October, 2017 This is a summary of the judgment only. Please refer to the judgment for the statement of the facts, arguments and the reasons for the decision Mr Schrems operates a Facebook account. He complained to the Data Protection Commissioner in Ireland about the transfer of his personal data by Facebook Ireland Ltd. ( Facebook ) outside the European Union to Facebook Inc., in the United States of America for further processing. He said that the legal regime in the United States does not afford his personal data the protection to which he is entitled under European law. Facebook informed the Data Protection Commissioner that it transfers data for processing to Facebook Inc. including Mr Schrems data largely pursuant to an agreement between Facebook and Facebook Inc. which in turn is based upon a decision of the European Commission 2010/87/EU. This decision authorises the transfer of data by data exporters from the EEA to data importers outside the EEA on the basis of standard contractual clauses.

In considering Mr Schrems complaint, the Data Protection Commissioner looked at the legal regime in the United States authorising electronic surveillance of data transferred from the EU to the US for processing and at the remedies available to EU data subjects whose data had been transferred to the US. She formed the view that there appeared to be well-founded concerns that there is an absence of an effective remedy in US law compatible with the requirements of Article 47 of the Charter of Fundamental Rights of the European Union for an EU citizen whose data are transferred to the US where the data may be at risk of being accessed and processed by US state agencies for national security purposes in a manner incompatible with Articles 7 and 8 of the Charter. She formed the view that the safeguards purportedly constituted by the standard contractual clauses set out in Decision 2010/87/EU do not appear to address this well-founded objection that there is an absence of a remedy compatible with Article 47 of the Charter. The Data Protection Commissioner seeks a ruling on the validity of the Decision of the Commission (and two earlier decisions) ( the SCC Decisions ). Only the Court of Justice of the European Union (CJEU) has jurisdiction to rule on the validity of a European measure. She brought these proceedings seeking a preliminary reference to the CJEU on the issue of the validity of the SCC Decisions. In this judgment the court is concerned with two issues: Whether the court has jurisdiction to grant the relief sought; and If so, whether the court should refer the issue of the validity of the SCC Decisions to CJEU for a preliminary ruling In answering these questions the court looks to European law. The Directive with which this judgment is primarily concerned uses the word adequate and so the judgment, of necessity, refers to the adequacy or inadequacy of certain laws or provisions of third countries and in particular of the United States. This does not involve a decision on the respective merits of

the choices of the European Union (or its Member States) and the United States. The references to the adequacy or inadequacy of the provisions discussed in the judgment are references to the requirements laid down by the Directive. They do not constitute or reflect value judgments on the regime in the United States relating to data protection and surveillance by government agencies. It is not the function of this court to criticise the laws of a sovereign state, in this case the United States, or to pronounce on the relative merits of the laws of the United States and the European Union. I do not purport to do so in the judgment. Conclusions 1. The court has jurisdiction to make a reference to the CJEU for a preliminary ruling on the validity of the SCC Decisions under Article 267 of The Treaty on the Functioning of the European Union. 2. The court may do so if it finds that the Data Protection Commissioner has raised wellfounded concerns as to the validity of the decisions and the court shares those concerns. 3. Union law and the Charter are engaged, notwithstanding the fact that the interferences with personal data the subject of the case arise from surveillance for the purposes of national security. 4. The court is not obliged to reject the application by reason of the adoption by the Commission of the EU-US Privacy Shield Decision. 5. Union law guarantees a high level of protection to EU citizens as regards the processing of their personal data within the EU. They are entitled to an equivalent high level of protection when their personal data are transferred outside the EEA. 6. EU citizens have a right guaranteed by Article 47 of the Charter to an effective remedy before an independent tribunal if their rights or freedoms are violated. These

include the rights under Articles 7 and 8 to respect for private and family life and protection of personal data concerning him or her. 7. Rights and freedoms guaranteed by the Charter may be limited by law but the essence of the right or freedom must be respected. Limitations must be necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others. 8. The Data Protection Commissioner has raised well-founded concerns that there is an absence of an effective remedy in US law compatible with the requirements of Article 47 of the Charter, for an EU citizen whose data are transferred to the US where they may be at risk of being accessed and processed by US state agencies for national security purposes in a manner incompatible with Articles 7 and 8 of the Charter. 9. The introduction of the Privacy Shield Ombudsperson mechanism in the Privacy Shield decision does not eliminate those well-founded concerns. A decision of the CJEU is required to determine whether it amounts to a remedy satisfying the requirements of Article 47. 10. A decision of the CJEU is required to determine whether the existence of the exceptional discretionary power conferred on the Data Protection Commissioner by Article 28 of the Directive to suspend or ban the transfer of data to a data importer in a third country on the basis of the legal regime in that third country is sufficient to secure the validity of the SCC Decisions. 11. It is important that there be uniformity in the application of the Directive throughout the Union. Only a decision of CJEU can resolve the potential for inconsistent applications of the Directive which will arise if the validity of transfers of personal data outside the EEA pursuant to the SCC Decisions depends on the exercise by

individual national supervisory authorities of their independent discretion in individual cases.

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback