Advocate-General's Opinion in Schrems Safe Harbor case

André Bywater and Jonathan Armstrong of Cordery, discuss the recent Opinion of Advocate-General Bot in relation to Maximillian Schrems v Data Protection Commissioner, Case C-362/14, which they call a ‘radical move’ which has ‘shaken the data protection safe harbor regime right to the core’.

Following the Snowden US surveillance revelations in 2013 the Austrian individual Maximillian Schrems brought a legal challenge before an Irish court challenging his rejected complaint before the Irish data protection regulator claiming that the US does not offer protection against surveillance by US intelligence authorities of data transferred to the US from the EU – Schrems’ data was being transferred from Facebook’s Irish subsidiary to the US. Back in 2000 the EU adopted the Safe Harbor Decision which provides a legal scheme for the adequate protection of personal data from the EU to the US. As the issue involved an interpretation of EU data protection law the Irish court had to refer to the Court of Jusitce of the European Union (CJEU) the question of whether the 2000 Safe Harbor Decision stops a national data protection regulator from investigating a complaint claiming that a country doesn’t ensure an adequate level of data protection and where appropriate from also suspending the contested personal data transfer.

The Advocate-General’s conclusions in his official legal Opinion are that national data protection regulators do have the power to undertake such investigations and suspend data transfers. Further, he has also concluded that the 2000 Safe Harbor Decision is flawed in that it doesn’t guarantee the protection of data protection rights and private and family life rights under EU law (including the EU Data Protection Directive) and consequently, according to him, the 2000 Decision is legally invalid. The Snowden revelations play a major role in his conclusions.

It should be stressed that the Advocate-General’s Opinion is not the end of this matter. The next step is for the CJEU judges  to give their ruling – which is listed for 6 October 2015. The Advocate-General’s Opinion does not bind the judges and the judges usually follow the Advocate-General but not always as was seen in last year’s ruling in the Google Right-To-Be-Forgotten case (C-131/12). The judges could find the Advocate-General’s Opinion too radical a move, but, if the judges agree with the Advocate-General then the EU will have to go back to the drawing-board on safe harbor – given the significance of the Snowden revelations it is hard to see for now how the EU will be able to conclude that the US offers an adequate level of data protection. The press release can be found here.

André Bywater, Jonathan Armstrong and Gayle McFarlane are lawyers with Cordery in London where their focus is on compliance issues.

This post was originally published on Cordery's own blog and had been republished with their kind permission.

Area of Interest