The Irish High Court has granted leave for a “Judicial Review” against the Irish Data Protection Commission (DPC) today. The legal action by noyb aims to swiftly implement the European Court of Justice Decision prohibiting Facebook’s EU-US data transfers.
7 Years and 5 Judgments, but no DPC decision. In 2013 Mr Schrems has filed a complaint against the European Facebook Headquarter, for illegally sharing his personal data with Facebook in the USA in the light of US mass surveillance laws like FISA702. After seven years and five judgments in the matter little progress was made in the original case, despite two judgments by Europe’s top court that invalidated the “Safe Harbor” and the “Privacy Shield”. Instead of making a final decision, the Irish DPC has suspended the complaints procedure last month for indefinite time.
Second Procedure Opened & Stalled. Instead of making a decision in the pending procedure, the DPC has started a second, new investigation into the same subject matter (“Parallel Procedure”), as widely reported (see original reporting by the WSJ). No logical reasons for the Parallel Procedure was given, but the DPC has maintained that Mr Schrems will not be heard in this second case, as he is not a party in this Parallel Procedure. This Paralell procedure was criticised by Facebook publicly (link) and instantly blocked by a Judicial Review by Facebook (see report by Reuters).
Today’s Judicial Review by noyb is in many ways the counterpart to Facebook’s Judicial Review: While Facebook wants to block the second procedure by the DPC, noyb wants to move the original complaints procedure towards a decision.
Max Schrems, chair of noyb.eu: “The DPC has opened a second case, just get rid of the complainant from the first case. Now this second case was stalled by a lawsuit from Facebook within weeks. This was complete procedural mismanagement by the Irish regulator. We are now trying to kick start the original procedure from 2013 to finally get a decision by the DPC after seven years and five court judgements that all confirmed our position.”
DPC breached Irish and EU law in multiple ways. In 2015 the DPC gave an Undertaking to the Irish High Court, to complete the investigation with “all due diligence and speed”. Five years later, the DPC does not only lack any path to a decision, but even stopped the complaints procedure indefinitely.
In addition…
Privacy Isn’t Dead. Far From It.
Welcome! The fact that you’re reading this means that you probably care deeply about…