Facebook clash with Max Schrems could bring extra consequences after Brexit

Adviser to EU Court of Justice due to issue opinion on Thursday

Max Schrems (32) began his legal fight as a student.  Photograph Nick Bradshaw
Max Schrems (32) began his legal fight as a student. Photograph Nick Bradshaw

Facebook’s renewed clash with an Austrian privacy advocate may have extra consequences after Brexit, one of the European Union’s top data protection officials warned.

An adviser to the EU Court of Justice will issue an opinion on Thursday in the Schrems II case, named after the man who’s been a thorn in the social network’s side for six years. The main issue is the legality of EU-approved contractual clauses that are meant to safeguard customer data when it’s sent abroad by companies.

While the dispute has mainly focused on data flows to the US, the final ruling in the case could also have ramifications for companies that rely on the clauses for data transfers between the EU and the UK after Brexit, Helen Dixon, the Data Protection Commissioner, said in an interview in Brussels.

"It's particularly challenging, of course, in the context of Brexit," said Ms Dixon, who is in charge of regulating many of the US's biggest companies, including Facebook, and has been entangled with Max Schrems in the court fight.

READ SOME MORE

Such clauses would be the legal transfer mechanism used by “most organisations in Ireland that will transfer to the UK, and most organisations around the EU that will transfer to the EU,” she said.

The advice to judges is likely to set the tone for a final ruling in the coming months that affects one of the main tools left for companies after Mr Schrems won his EU court fight to topple the previous mechanism, called Safe Harbour.

In an EU court hearing in September, Facebook warned of economic turmoil if the court does the same again.

Data transfers are part of an overhaul of EU privacy rules, including a new law that took effect last year giving regulators, such as Ms Dixon, the powers to levy fines of as much as 4 per cent of a company’s annual sales for the most serious violations. The safeguards are meant to protect EU customers’ data, from billing information to the content of messages.

Hard Brexit

"If it is a hard Brexit, suddenly the UK will no longer be an EU member state," said Tanguy Van Overstraeten, global head of data protection at law firm Linklaters in Brussels . "It will then be urgent and crucial to put in place a transfer solution for stakeholders in the EU transferring data to the UK."

The Schrems II case also questions parts of the so-called EU-US Privacy Shield, the new transatlantic data transfer pact adopted in 2016 to replace the Safe Harbour accord torpedoed by the Austrian, who started his campaign while a law student.

Mr Schrems, 32, has been challenging Facebook in the Irish courts, arguing that EU citizens’ data is at risk the moment it gets transferred across the Atlantic. The Irish courts last year sought the EU judges’ advice, focusing on the standard contractual clauses.

The Schrems cases stretch back to 2013, when former US contractor Edward Snowden exposed the extent of spying by the US National Security Agency. The revelations led to the original complaints by Mr Schrems asking the Irish Data Protection Commissioner to stop Facebook's EU-US data transfers.

Facebook and the UK's department for exiting the EU didn't immediately respond to requests for comment. The European Commission and the UK information commissioner's office declined to comment. – Bloomberg