It was a full house on Tuesday morning in the cavernous main chamber of Luxembourg’s Court of Justice of the European Union (CJEU).
Beneath a mesh, looking like a giant golden jellyfish, more than 300 gold-upholstered seats filled up long before 9am with lawyers, law students and observers.
All rise for round two in the long-running legal action between Facebook, Max Schrems and Ireland's Data Protection Commissioner (DPC).
“I cleared my calendar just for this,” said one Irish CJEU official excitedly.
What Max Schrems began six years has ballooned into a European legal battle with global economic implications. That much was clear in Luxembourg airport on Sunday with the arrival of a plane marked “United States of America”.
It’s unusual for the US government to ask to appear in Europe’s highest court and long-term CJEU watchers said it was unprecedented for Washington officials to be admitted to proceedings.
Appearing before 15 judges were 30 counsel from across Europe. But from the accents of almost all party lawyers, this case is a uniquely Irish affair.
Issue
The main issue at stake: how broadly or narrowly should the CJEU assess the company’s Dublin subsidiary data collection model – and US intelligence access to this data?
Eileen Barrington SC, representing the US, suggested Europe was demanding higher privacy standards from US intelligence than its own member states.
Former attorney general Paul Gallagher, in Luxembourg for Facebook, urged judges to take a “holistic approach” and balance intelligence, privacy and economic concerns.
As the day progressed, and air in the chamber became scarce, lawyers disagreed over whether or not it was the role of Europe’s highest court to judge what US intelligence does with EU citizens’ Facebook data.
In a curious alliance, counsel for Facebook and Schrems urged the court to dismiss the DPC’s request to the court. The Irish regulator wants the CJEU to invalidate so-called standard contractual clause (SCC) data transfer mechanism used by the social media company to transport EU users’ data to US servers.
Almost all other lawyers agreed with them, against the DPC.
Revenue
Beyond legal issues, this case is about time and money. Since the first Schrems ruling here in October 2015, Facebook has earned about €33.3 billion in advertising revenue in Europe.
Counsel for Schrems demanded that, six years after his client filed his original complaint in Ireland, it was time for the DPC to making a finding on whether it thinks Facebook operates lawfully in Europe.
European Commission counsel Herke Kranenborg agreed.
“It is not the commission’s fault this has dragged on so long,” he said. “What the DPC should have done is to take a decision.”
Under close questioning by the court he admitted Facebook enjoyed a “peculiar situation” in Europe: policing its own adherence to EU privacy laws.
But as the first day of the hearing wound down, the court zeroed in less on the DPC than the commission. How could it be sure its lauded “Privacy Shield”, a bilateral data privacy agreement agreed with the US, was more than a paper tiger? Four years after it forced the EU to bin its old rulebook, “Safe Harbor” the new rulebook appears poised on the recycling bin.