Schrems’ challenge to Irish data watchdog’s Facebook decision to be heard in January

A privacy campaigner's Irish judicial review relating to Facebook's data handling will be heard next January, MLex has learned, just weeks after the same court hears a separate case in which Facebook itself is appealing an Irish decision that it can’t use standard contractual clauses to transfer data to the US.

The review was requested by Austrian privacy activist Max Schrems, who has pursued Facebook through various European courts for many years.

He is challenging the Irish Data Protection Commission’s decision in August to open a second procedure looking into Facebook’s data transfers — parallel to a long-running original complaint — to investigate Facebook's reliance on standard contractual clauses, or SCCs.

In the wake of an EU Court of Justice ruling earlier this year that invalidated the Privacy Shield mechanism for EU-US data transfers, the Irish DPC told Facebook in August that it had formed a preliminary view that the social-media giant could no longer rely on SCCs as a legal basis to transfer personal data from Europe to the US.

Schrems, who leads campaign group None of Your Business (NOYB), had first complained to the Irish regulator about Facebook’s EU-US data transfers back in 2013, raising concern over the security of data under US surveillance laws.

The Austrian has now accused the Irish regulator of "opening a second case just [to] get rid of the complainant from the first case," and said it was a "complete procedural mismanagement" after "seven years and five court judgements that all confirmed our position."

His judicial review will be heard at the High Court in Dublin over three days from Jan. 13, 2021, MLex understands.

Facebook case

That will be just four weeks after Facebook’s own case against the Irish DPC’s decision is heard at the same court on Dec. 15. While the cases remain technically separate, the outcome of Facebook's action is expected to affect that of Schrems.

Facebook had asked in September for a judicial review of the Irish DPC's August decision, arguing that the regulator rushed the process without giving the company a chance to state its case. It also argued that companies relying on the Privacy Shield had not been given any guidance on resolving issues arising from the EU Court of Justice's decision in July.

The US tech giant warned investors last week that "if a new trans-Atlantic data-transfer framework is not adopted and we are unable to continue to rely on SCCs or validly rely upon alternative means of data transfers from Europe to the United States we may be unable to operate material portions of our business in Europe".

Separately from the legal process in Ireland, the European Commission is currently working on revised SCCs that would address the judges' concerns, and their text is expected to be circulated for consultation in the coming weeks.

The case numbers are 2020/707 JR (Schrems v Data Protection Commission) and 2020/617 JR (Facebook Ireland Ltd v Data Protection Commission).