back to article Schrems' Facebook case edges closer to ruling over EU-US data flows

Max Schrems’ battle to turn off Facebook’s trans-Atlantic data flows has crawled one step closer, as the Irish High Court today issued the EU's top court with a set of questions to rule on. The privacy activist’s multi-year slog began when he brought a complaint against Facebook's mass data slurping, in light of Edward Snowden …

  1. Doctor Syntax Silver badge

    By the time the ruling comes along the legislation applying at the time will be obsolete and the whole thing will presumably have to start up again under GDPR although it probably would have done anyway.

    In the meantime recent events should have concentrated the ECJ's minds. Perhaps Zuck & Co will be wishing they'd got it settled earlier. Sometimes dragging cases out doesn't pay.

    1. Charlie Clark Silver badge

      the whole thing will presumably have to start up again under GDPR

      I don't think so. It was because of this case that the ECJ struck Safe Harbour down. So while some issues may need reevaluation in the light of changes in the law, it's unlikely to need to start the whole thing again.

  2. Anonymous Coward
    Anonymous Coward

    18 months! Meanwhile the Mega-Slurp-Machine Rolls on

    You know with Zuckerberg's evasiveness during 10 hours of Q/A see here:

    https://www.bloomberg.com/gadfly/articles/2018-04-12/mark-zuckerberg-refuses-to-admit-how-facebook-works

    If Facebook hadn't worked out, I bet Zuck would have gone on to work at SCL / CA or some other shady firm involved in manipulation of the masses:

    https://en.wikipedia.org/wiki/SCL_Group

  3. Mark Haanen

    They forgot an obvious question

    "Is it proportional to process the data of an EU citizen for national security purposes in the third country if the person whose data is processed cannot even claim standing within the courts of that third country for lack of connection to that third country?"

    Which is a fancy phrasing of "Hey CJEU, who died and made the USA the emperor and supreme generalissimo of the world?"

    1. Keef

      Re: They forgot an obvious question

      "Hey CJEU, who died and made the USA the emperor and supreme generalissimo of the world?"

      The USA appointed themselves that title some time ago and nobody thought it worth challenging, so here we are.

      1. Claptrap314 Bronze badge

        Re: They forgot an obvious question

        Well, just how many times do you get asked to come in and fight somebody else's wars before you come to that conclusion?

        On this issue, I've said many times that I favor balkanizing these companies to prevent them from becoming too powerful. Incidentally, this also keeps US jurisdiction well away from the average person who is neither a citizen nor on our soil. Otherwise, expect US jurisdiction to be regularly asserted if you are dealing with a US entity. Or China/China or EU/EU or India/India or Russia/Russia.....

      2. The Nazz Silver badge

        Re: They forgot an obvious question

        Meanwhile in current news ....

        The USA, having been supplying arms to and training "rebels" in a middle eastern country for seven years now, with the sole purpose of bringing down the Government and society there, further intending to fire several missiles into that country, for similar purposes of destruction, and are now complaining that if their missiles ( and launch platforms) are fired at that would constitute war.

        Oh, the irony.

        I'm old enough to remember the Vietnam war, inclusive of such atrocities as the Me-Lai (spelling?) massacre.

        Some policeman.

        Genuine question. In that timespan have the US ever been totally at peace, with anyone?

        1. el kabong

          Nope, no peace, the US of A is at war with EVERYONE, absolutely EVERYONE!

          Including themselves!

          There's a civil war going on in the US of A, that war is everywhere, it's in their schools, in their streets, EVERYWHERE!

          As the orange one would say: It's terrible, absolutely terrible, it's a disgrace!

          Not even the police there is shy enough to not give it a shot.

    2. Doctor Syntax Silver badge

      Re: They forgot an obvious question

      It may be an obvious question but it's not a question at issue in Schrems' case against Facebook. If you want that question to be asked you need to find some body against whom you have a specific claim relating to that and raise that claim with the regulator in whose jurisdiction it falls. Then it will become not only an obvious question but also a relevant one and it's relevance to the case in hand that determines whether it can be raised at the ECJ.

  4. ratfox Silver badge
    Windows

    I'm prepared for a whimper

    I frankly doubt that the EU courts will have the balls to force Facebook to balkanize its data into independent units. The recent US law makes it very clear that as long as Facebook US keeps control over the place where the data is stored, they have to cough it up to Uncle Sam whenever he asks. So the tech giants would have to set up separate entities, which cannot even exchange data if they want to... Even storing emails becomes a huge problem if they're sent across the Atlantic.

    I'm fully expecting the EU authorities to give up and admit they are unable to protect our privacy from the US government.

    1. Doctor Syntax Silver badge

      Re: I'm prepared for a whimper

      "I frankly doubt that the EU courts will have the balls to force Facebook to balkanize its data into independent units."

      I don't think they have the power to do that. It would be a legislative requirement.

      What the courts do have is the power to do is to react to specific claims that might arise from that and issue fines against the companies concerned or even take action against senior officers of the companies and I can't see why the courts would have any compunction in doing that. It's ip to the companies to decide whether they can accept those sanctions on a regular basis or whether they need to find a means to avoid them. If they choose the latter course, and it seems likely, then they have option of setting up some arm's length operation which may be what you mean. They also have options of quitting the European market altogether or of ceasing to be US corporations.

      Whilst I can't see the courts being reluctant to take such action where cases are put before them the willingness of the regulators to play their part is a different matter.

    2. Ben Tasker Silver badge

      Re: I'm prepared for a whimper

      > The recent US law makes it very clear that as long as Facebook US keeps control over the place where the data is stored, they have to cough it up to Uncle Sam whenever he asks.

      That's a completely separate issue though.

      In the Microsoft case (where the CLOUD act is relevant) I suspect the EU have already started the paperwork to start punitive action should MS Ireland comply with the US's orders.

      The US can pass whatever law they like, but no company is going to enjoy the consequences complying once GDPR comes into force.

      I'm not sure what the ultimate outcome is going to be, but privacy is one of the areas where the EU tends not to back down. And Europeans in general aren't going to quietly accept having our privacy levels dragged down to match the level afforded in the US market. On the flip-side, the US aren't going to back down and rescind CLOUD either, so my guess would be that there'll be a stand-off for a while where the US demands something and the EU fines the company for complying.

      Somewhere in amongst that mess, of course, will be US politicians crying foul when other countries pass similar laws and start demanding data from companies operating in the US.

  5. eldakka Silver badge

    > “Facebook would have to split global and US services in two systems and keep European data outside of reach for US authorities, or face billions in penalties under the upcoming EU data protection regulation”.

    Is this even possible now that the US has passed legislation that allows a simple internal US-issued warrant served on a company in the US to force that company to turn over data stored in foreign jurisdictions?

    According to the US government, they no longer need to issue an international warrant under their various treaties and get the co-operation of the government of the nation where the data is located.

    1. Ben Tasker Silver badge

      > Is this even possible now that the US has passed legislation that allows a simple internal US-issued warrant served on a company in the US to force that company to turn over data stored in foreign jurisdictions?

      Yes, sort of.

      You'd need to make sure that the US arm/parent/whatever did not have the ability (in any way) to access that data for itself. Access to the data would need to be totally reliant on the EU entities co-operation.

      The EU entity would refuse (as it'd break EU law) and the US entity would be unable to comply.

      But, it'd mean you'd need to be willing to accept whatever penalty the US entity then gets hit with for non-compliance. From what I've seen though, that's still significantly less than the fine you could get under GDPR, so from a pure financial sense it makes more sense to tell the US to fuck off.

      > According to the US government, they no longer need to issue an international warrant under their various treaties and get the co-operation of the government of the nation where the data is located.

      Yeah that's what they say. It's unlikely to work well for them in most countries though. It's not that different to the Kremlin passing legislation stating that they are now cleared for unescorted access around the Pentagon and that interfering with their passage within the building is a capital offence.

      You can pass whatever law you want in your own country, you can even say you're not going to use diplomatic channels. The other side, though, doesn't have to accept it. Where the other side has the ability to punish your middle-man for compliance, it'd be foolhardy to push it too far.

  6. DontFeedTheTrolls Silver badge
    Headmaster

    While there is a higher principle at stake, two things about Facebook et al need to be reminded:

    1) If you're not paying for it, you're not the customer, you're the product being sold; and

    2) If you don't want your data sucked up by the US, don't place it on the Internet.

    1. Anonymous Coward
      Anonymous Coward

      1a) Even if you are paying you may still be one of the products being sold.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019