The privacy campaign group Europe-v-Facebook said Wednesday it will ask the Irish High Court to review decisions made by the Irish Data Protection Commissioner not to investigate Facebook and the U.S. government surveillance program Prism.
In June, Europe-v-Facebook filed a barrage of complaints against European subsidiaries of major technology companies, claiming their data collection runs afoul of European privacy laws.
Facebook Ireland, which is responsible for the data of users outside the U.S. and Canada, should not be allowed to export it to the U.S. if the data is then forwarded to the U.S. National Security Agency for massive surveillance of personal information without probable cause, the group argued. The complaints were filed after former NSA contractor Edward Snowden leaked documents revealing NSA surveillance programs.
While the Irish privacy regulator said there are no grounds to start an investigation under the Irish Data Protection Act given that "safe harbor" requirements have been met, Europe-v-Facebook contends that it is violating European privacy laws by refusing to pursue the case.
Europe-v-Facebook will apply for a judicial review of the DPC Prism decision at the Irish High Court, it said.
In Ireland, a judicial review can be used by the High Court to supervise lower courts, tribunals and other administrative bodies to ensure that they make their decisions properly and in accordance with the law. Such a review is primarily concerned with the procedural legality of the decision but does provide for a limited review of the merits of the decision. If the High Court decides a decision was unconstitutional or illegal it may quash or cancel the decision, for example.
"In relation to the complaint about Prism, the Data Protection Commissioner considers that he has made his position on this matter clear," said Ciara O'Sullivan, senior compliance officer of the Office of the Data Protection Commissioner in an email.
Europe-v-Facebook also plans to apply for a second judicial review in another case in which it contends that Facebook violates European laws with its privacy policies. The case has been going on for several years and the group wants the High Court to deal with "the shortcomings" in that case, Max Schrems, Europe-v-Facebook's spokesman said, who also contends that "the DPC just wants to get rid of both cases."
In the last case, the group filed a "Request for a Formal Decision" with the Irish DPC on Wednesday.
If that final, legally binding decision of the DPC is unsatisfactory for the group, it could fight that decision in court, Schrems said, but right now the group does not have enough funds for such litigation.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com