Skip to main content

Home/ Open Web/ Group items tagged ECJ

Rss Feed Group items tagged

Paul Merrell

Challenge to data transfer tool used by Facebook will go to Europe's top court | TechCr... - 0 views

  • The five-week court hearing in what is a complex case delving into detail on US surveillance operations took place in February. The court issued its ruling today.

    The 153-page ruling starts by noting “this is an unusual case”, before going into a detailed discussion of the arguments and concluding that the DPC’s concerns about the validity of SCCs should be referred to the European Court of Justice for a preliminary ruling.

    Schrems is also the man responsible for bringing, in 2013, a legal challenge that ultimately struck down Safe Harbor — the legal mechanism that had oiled the pipe for EU-US personal data flows for fifteen years before the ECJ ruled it to be invalid in October 2015.

    Schrems’ argument had centered on U.S. government mass surveillance programs, as disclosed via the Snowden leaks, being incompatible with fundamental European privacy rights. After the ECJ struck down Safe Harbor he then sought to apply the same arguments against Facebook’s use of SCCs — returning to Ireland to make the complaint as that’s where the company has its European HQ.

    It’s worth noting that the European Commission has since replaced Safe Harbor with a new (and it claims more robust) data transfer mechanism, called the EU-US Privacy Shield — whi

  • In a written statement on the ruling Schrems added: “I welcome the judgement by the Irish High Court. It is important that a neutral Court outside of the US has summarized the facts on US surveillance in a judgement, after diving through more than 45,000 pages of documents in a five week hearing.
  • Making a video statement outside court in Dublin today, Schrems said the Irish court had dismissed Facebook’s argument that the US government does not undertake any surveillance.
  • ...3 more annotations...
  • Schrems’ Safe Harbor challenge also started in the Irish Court before being ultimately referred to the ECJ. So there’s more than a little legal deja vu here, especially given the latest development in the case.

    In its ruling on the SCC issue, the Irish Court noted that a US ombudsperson position created under Privacy Shield to handle EU citizens complaints about companies’ handling of their data is not enough to overcome what it described as “well founded concerns” raised by the DPC regarding the adequacy of the protections for EU citizens data.

  • On Facebook, he also said: “In simple terms, US law requires Facebook to help the NSA with mass surveillance and EU law prohibits just that. As Facebook is subject to both jurisdictions, they got themselves in a legal dilemma that they cannot possibly solve in the long run.”
  • While Schrems’ original complaint pertained to Facebook, the Irish DPC’s position means many more companies that use the mechanism could face disruption if SCCs are ultimately invalidated as a result of the legal challenge to their validity.
Paul Merrell

European Court of Justice rules against mass data retention in EU | News | DW.COM | 21.... - 0 views

  • The ECJ has ruled that governments cannot force telecom firms to keep all customer data. The ruling, which says the laws violate basic privacy rights, comes as governments call for greater powers for spy agencies.
  • The Court of Justice of the European Union (ECJ) ruled on Wednesday that laws allowing for the blanket collection and retention of location and traffic data are in breach of EU law.

    In their decision, the justices wrote that storing such data, which includes text message senders and recipients and call histories, allows for "very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained."

    "Such national legislation exceeds the limits of what is strictly necessary and cannot be considered to be justified within a democratic society," the Luxembourg-based court said.

    EU member states seeking to fight a "serious crime" are allowed to retain data in a targeted manner but must be subject to prior review by a court or independent body, the EU's top court said. Exceptions can be made in urgent cases.

    The decision came amidst growing calls from EU governments for security agencies to be given greater powers with the goal of preventing or investigating attacks. Privacy advocates, on the other hand, said mass data retention is ineffective in combating such crimes.

  • The court's decision was a response to challenges against data retention laws in Britain and Sweden on the ground that they were no longer valid after the court previously struck down an EU-wide data retention law in 2014.

    In Sweden, the law requires telecommunications companies to retain all their customers' traffic and location data, without exception, the ECJ said.

    British law allows authorities to ask firms to keep all communication data for a maximum 12-month period.

    In the UK, politicians filed a legal challenge against a surveillance law which passed in 2014, part of which was suspended by a British court. British lawmakers then passed the Investigatory Powers Act - the so-called "snooper's charter."

    A German data retention law, which came into effect at the end of 2015, requires telecommunications companies to store telephone and internet use for 10 weeks, after which point the data must be deleted.

    The German law also stipulates a shorter storage time of four weeks for location data which results from mobile phone calls. It remains to be seen what effect the ECJ ruling will have on Germany's blanket data retention measures.

1 - 2 of 2
Showing 20 items per page