Court move on data will rock Face­book to its core

Fi­nal de­ci­sion could un­der­mine busi­ness mod­els at Google, Twit­ter and Ap­ple

The Irish Times - Business - - BUSINESS NEWS - Kar­lin Lilling­ton Anal­y­sis

Face­book might have felt the worst was over. Chief ex­ec­u­tive and chair­man Mark Zucker­berg con­cluded a gru­elling two-day ap­pear­ance be­fore US Con­gres­sional com­mit­tees on Wednesday, and Face­book was still in­tact. But a day is a long time in in­ter­na­tional data pri­vacy bat­tles. Yes­ter­day, the com­pany learned the Euro­pean Court of Jus­tice (ECJ) is go­ing to de­cide whether the instrument it uses to trans­fer Euro­peans’ data to the US, called stan­dard con­tract clauses (SCCs), guar­an­tees ad­e­quate pri­vacy pro­tec­tions.

And that’s only the start of a po­ten­tial transat­lantic night­mare. The High Court re­fer­ral by Ms Jus­tice Caro­line Costello in­cludes the bomb­shell ques­tions of whether the EU/US data trans­fer agree­ment Pri­vacy Shield is valid. And if nei­ther Pri­vacy Shield or SCCs pass muster, should transat­lantic data flows cease?

Pri­vacy cam­paigner

Pri­vacy Shield was ham­mered out be­tween the US and the Euro­pean Com­mis­sion af­ter an ini­tial case taken by Aus­trian pri­vacy cam­paigner Max Schrems over his Face­book data re­sulted in the ECJ declar­ing in­valid Pri­vacy Shield’s pre­de­ces­sor agree­ment, Safe Har­bour. Schrems is also a party to the cur­rent case. It rests on whether his data stored on Face­book’s US servers, and trans­ferred us­ing SCCs, is safe from in­dis­crim­i­nate US sur­veil­lance. Those con­cerns stem from Ed­ward Snow­den’s dis­clo­sure in 2013 of large-scale NSA spy­ing pro­grammes such as PRISM, be­lieved to have ac­cessed data from Face­book and other tech­nol­ogy com­pa­nies.

Data Pro­tec­tion Com­mis­sioner He­len Dixon has said she is in­clined to side with Schrems – al­ready a worry for Face­book. But in a com­plex case taken against Face­book, the com­mis­sioner asked the High Court to de­ter­mine if the con­tracts could be deemed safe in­stru­ments. Now, all for­mats for data trans­fers are un­der scru­tiny. There’s no ques­tion that Face­book and many other US and Euro­pean com­pa­nies that rou­tinely move data be­tween the two ju­ris­dic­tions will view this re­fer­ral with pri­mal fear. Not least be­cause, along with the very real prospect of los­ing hun­dreds of mil­lions of users and cus­tomers in an in­stant, there’s lit­tle Face­book or any other com­pany can do but sit and wait for the view of the judges.

Judges who, in re­cent years, have made a se­ries of land­mark pri­vacy rul­ings. And, worse again, there’s lit­tle that com­pa­nies can do when the prob­lem­atic part of th­ese in­stru­ments is due to the firm stance on data ac­cess taken by the US gov­ern­ment in the name of se­cu­rity.

Se­cu­rity pro­vi­sions

In the cur­rent case, Face­book has ar­gued that such se­cu­rity pro­vi­sions are grounds for ex­emp­tions to EU data pro­tec­tion law, and asked for the re­fer­ral to be quashed. Ms Jus­tice Costello seems very un­likely to with­draw a re­fer­ral for a case whose en­tire point was to pro­duce a re­fer­ral, but has agreed to give Face­book lawyers un­til April 30th to con­sider the doc­u­ment be­fore the re­fer­ral is for­malised. While many busi­nesses and pri­vacy or­gan­i­sa­tions ex­pected a chal­lenge even­tu­ally to Pri­vacy Shield, few ex­pected this High Court case would re­sult in such a com­pre­hen­sive con­sid­er­a­tion of the vi­a­bil­ity of both SCCs and Pri­vacy Shield in a sin­gle go.

Await­ing the ECJ’s view – which could take over a year – will keep many a chief ex­ec­u­tive and ex­ec­u­tive board in a sweat.

The ul­ti­mate de­ci­sion could, in one blow, over­turn long-stand­ing busi­ness mod­els and de­mand a ma­jor re­think of how all com­pa­nies man­age cus­tomer and user data, es­pe­cially large gath­er­ers and man­agers of data such as Face­book, Google, Ama­zon, Twit­ter, Mi­crosoft and Ap­ple, to name just a few.


Pri­vacy cam­paigner Max Schrems who took a case over his Face­book data and po­ten­tial US sur­veil­lance.

Newspapers in English

Newspapers from Ireland

© PressReader. All rights reserved.