Jusletter IT

By the year 2011, the Austrian lawyer and data protection activist Max Schrems has been initiating proceedings against Facebook for the enforcement of the current data protection law. Walter Hötzendorfer first exemplifies the lawsuit in Ireland and additionally approaches the independent civil action of Schrems versus Facebook in Austria. Afterwards, he elucidates Safe Harbour and shows the repercussions of the revelations made by Edward Snowden regarding the world wide mass surveillances by western secret services. These disclosures have induced Max Schrems to institute another case against Facebook in Ireland, which ultimately resulted in the Safe Harbour decision of the ECJ. (ah)

With its Judgement in the case of Maximilian Schrems vs. Data Protection Commissioner of 6 October 2015, the European Court of Justice put an abrupt end to the current version of the Safe Harbour-Program arranged between the EU and the USA. Primarily, the judgement constitutes a political appeal to the USA to develop the data accesses by US secret services that were revealed by Edward Snowden in a way that is compliant with fundamental rights. The justification chosen by the ECJ to substantiate its appeal contains some explosive points. Consequently, the judgement equals playing with fire. (ah)

The decision of the ECJ, in which it undermined the basis for «Safe Harbour» in transmitting data from the EU to the US, still generates a lot of attention. In the market, complete uncertainty as to what is to be done now predominates. This is in no small part due to the contribution of data protection authorities in Europe, whether it is with contradictory statements, ambiguous expressions or sudden activism and overreactions. The position statements of the Federal Data Protection and Information Commissioner («FDPIC») also caused confusion and incomprehension. What is to be applied and what are the next steps? The speech gives answers and practical recommendations. (ah)

With the annulation of the Safe Harbour decision, the data transmission between the EU and the USA requires a new legal framework. The time limit for its implementation set by the EU Commission and the Article-29-Group ends on 31 January 2016. From the legal point of view, standard contractual clauses, binding corporate rules, fulfillment of contract, essential public interests, vital interests of the concerned parties and approval are under consideration; the respective advantages and disadvantages are discussed. Finally, the problem of nearly unrestricted data access in purpose of fighting crime, averting danger and for the national security can not be solved. (ah)

The European Court of Justice (ECJ) connected the Safe Harbour Agreement to the basic rights, but did not provide much clarity about how the protection of privacy emanates to the applicable cross-border regulations in practice. The judgement follows previous data privacy strengthening rulings and shows (again) that the ECJ does consider concerns of legal policy, as it did before about basic economic freedoms. (ah)