21분
Safe Harbour Ruling Strengthens Europe’s Hand – An Interview with Simon McGarr [Audio] The Technology.ie Podcast
-
- 과학 기술
Simon McGarr is our guest on today’s podcast. He’s the solicitor representing Digital Rights Ireland, who were granted amicus curiae status in the case regarding the EU-US ‘Safe Harbour Agreement’, which the EU Court of Justice ruled invalid this week.
Click on the player above to listen to the show, or download it here: 21:34; 12MB; MP3.
The case arises out of a complaint by an Austrian man named Max Schrems, who asked the Irish Data Protection Commisioner to investigate whether his data held by Facebook in the US was adequately protected under EU Data protection law. The Commisioner initially dismissed his case, arguing that since Facebook was covered by the EU-US Safe Harbour Agreement, that there was no case to answer.
‘Safe Harbour’ sounds impressive, says Simon, but it amounts to nothing more than companies certifying themselves as providing ‘adequate protection’.
It’s a very peculiar thing to be called an agreement. It’s an exchange of letters between the European Commission and the US Government, where the Commission asked for reassurances in relation to how things are done in the United States with relation to data. And then a further list of names is kept by the US Government of companies who agree to mostly self-certify that they are behaving well towards European users’ data, and if you follow all those rules and you were on the list and you had done what was required in terms of self certification, then you were deemed to be part of the Safe Harbour agreement, as about 4,500 companies were.
Digital Rights Ireland and Mr Schrems argued that this was inadequate. It didn’t matter that Safe Harbour was agreed by the EU Commission: it simply didn’t measure up under the EU’s Charter of Fundamental Rights. The Court agreed.
What the court has said is that Data Protection rights aren’t just a matter of national legislation. They’re not just a matter of EU legislation: the Directive. They’re actually part of the Charter of Fundamental Rights. There’s now a separate Data Protection Right, separate and distinct, and in addition to your general Right to Privacy, written into the Charter of Fundamental Rights. The result is that when the Commission makes a decision in breach of that Charter, as the Court finds … it has the power to strike that decision down, and it did so.
Significantly, he explains, the ruling says that not only are Data Protection Commissioners permitted to investigate in spite of legislation, they are actually obliged to do so, and – if neccessary – to challenge the constitutionality of such legislation in court.
The data protection authorities of Europe – the independent overseers at national level – have been enormously strengthened by this ruling. They now have the power to make investigations, and indeed, not just the power, but an obligation is put on them by the court that they must investigate matters, even where there has been a Europe-wide decision issued from the European Commission, and if needs be they can take necessary litigation to challenge that European decision if their investigation discovers that the facts do not warrant the decision that has been made.
The ruling is set to have far -reaching implications, he says.
I think there’s no question but that it is significant, and I think it’s going to take a short period of time – not a long period of time for that significance to unfold out into the public gaze. We’ve seen a lot of holding statements issued in relation to ‘business carrying on as usual’, ‘no change’, ‘we can always use different methods of transferring data’, but those different methods – such as model contract clauses – rely on the same presumption that the Safe Harbour agreement relied on: that the United States Government wasn’t going to take a co[...]
Simon McGarr is our guest on today’s podcast. He’s the solicitor representing Digital Rights Ireland, who were granted amicus curiae status in the case regarding the EU-US ‘Safe Harbour Agreement’, which the EU Court of Justice ruled invalid this week.
Click on the player above to listen to the show, or download it here: 21:34; 12MB; MP3.
The case arises out of a complaint by an Austrian man named Max Schrems, who asked the Irish Data Protection Commisioner to investigate whether his data held by Facebook in the US was adequately protected under EU Data protection law. The Commisioner initially dismissed his case, arguing that since Facebook was covered by the EU-US Safe Harbour Agreement, that there was no case to answer.
‘Safe Harbour’ sounds impressive, says Simon, but it amounts to nothing more than companies certifying themselves as providing ‘adequate protection’.
It’s a very peculiar thing to be called an agreement. It’s an exchange of letters between the European Commission and the US Government, where the Commission asked for reassurances in relation to how things are done in the United States with relation to data. And then a further list of names is kept by the US Government of companies who agree to mostly self-certify that they are behaving well towards European users’ data, and if you follow all those rules and you were on the list and you had done what was required in terms of self certification, then you were deemed to be part of the Safe Harbour agreement, as about 4,500 companies were.
Digital Rights Ireland and Mr Schrems argued that this was inadequate. It didn’t matter that Safe Harbour was agreed by the EU Commission: it simply didn’t measure up under the EU’s Charter of Fundamental Rights. The Court agreed.
What the court has said is that Data Protection rights aren’t just a matter of national legislation. They’re not just a matter of EU legislation: the Directive. They’re actually part of the Charter of Fundamental Rights. There’s now a separate Data Protection Right, separate and distinct, and in addition to your general Right to Privacy, written into the Charter of Fundamental Rights. The result is that when the Commission makes a decision in breach of that Charter, as the Court finds … it has the power to strike that decision down, and it did so.
Significantly, he explains, the ruling says that not only are Data Protection Commissioners permitted to investigate in spite of legislation, they are actually obliged to do so, and – if neccessary – to challenge the constitutionality of such legislation in court.
The data protection authorities of Europe – the independent overseers at national level – have been enormously strengthened by this ruling. They now have the power to make investigations, and indeed, not just the power, but an obligation is put on them by the court that they must investigate matters, even where there has been a Europe-wide decision issued from the European Commission, and if needs be they can take necessary litigation to challenge that European decision if their investigation discovers that the facts do not warrant the decision that has been made.
The ruling is set to have far -reaching implications, he says.
I think there’s no question but that it is significant, and I think it’s going to take a short period of time – not a long period of time for that significance to unfold out into the public gaze. We’ve seen a lot of holding statements issued in relation to ‘business carrying on as usual’, ‘no change’, ‘we can always use different methods of transferring data’, but those different methods – such as model contract clauses – rely on the same presumption that the Safe Harbour agreement relied on: that the United States Government wasn’t going to take a co[...]
21분