Data Privacy Oversight in the U.S. Face Controversy in Europe, Once More

Data Privacy Oversight in the U.S. Face Controversy in Europe, Once More

In the realm of digital privacy, the Irish High Court and European Union are taking significant steps to strengthen protections for European users.

On Tuesday, December 13, the European Commission began the process of adopting an adequacy decision for the EU-US Data Privacy Framework (EU-US DPF), a move aimed at addressing concerns raised by the European Court of Justice when it overturned the Safe Harbor pact in 2015.

Simultaneously, the Irish High Court is hearing a case that forms part of a saga in European courts over the adequacy of US privacy protections and surveillance policies. The case involves tech giants such as Facebook, Twitter, Pinterest, LinkedIn, and a person named Sergei Tokmakov, who allege that Standard Contractual Clauses (SCCs) used for US-EU data transfers are still inadequate and fail to sufficiently protect European users' privacy.

The Irish court's decision could have far-reaching implications for these tech companies, potentially making it more difficult for them to handle Europeans' personal information.

In Ireland, the Representative Actions for Data Breach (RAD) legislation has been activated for the first time, with a global real-time bidding platform accused of breaching data protection laws. This RAD mechanism allows for class actions concerning data breaches and privacy violations in Ireland, and privacy organization Noyb, founded by Max Schrems, is poised to initiate further RAD actions in 2025.

While not directly naming Facebook or Google, the RAD could potentially impact these companies given their involvement in digital advertising and data processing.

In a separate case, Ireland’s High Court recently dismissed a challenge by social platform X (formerly Twitter) against Ireland’s Online Safety Code, affirming that such platforms must comply with the country’s regulatory rules on age assurance and content safety. Although this case primarily concerns online safety rules rather than surveillance per se, it demonstrates Ireland’s judiciary enforcing regulatory oversight on large tech platforms, which could imply increased scrutiny for other companies including Facebook and Google.

The Irish Supreme Court has also removed procedural hurdles for data breach claims and offered clarity on damages in privacy claims, indicating a strengthening of data protection enforcement frameworks in Ireland.

Meanwhile, the European Union is preparing a law that will apply to any tech company doing business within the EU, aiming to address concerns about overseas data seizure. The draft legislation is expected to be presented to lawmakers and member states at the end of March.

It's important to note that the EU-US DPF is still under consideration, and its details are subject to change. The new law, if passed, will allow EU law enforcement to seize overseas personal data, potentially giving the new administration an opportunity to express its position on surveillance laws.

In the political sphere, tech giants like Facebook have been reported to have made contributions to dozens of Congressmen who support the revival of mass surveillance programs and restrictions on privacy.

These developments underscore a growing trend towards strengthening privacy protections and accountability for tech companies, particularly those with substantial operations in Ireland, a key EU hub for tech companies. As the legal landscape evolves, these firms will need to adapt to maintain compliance and protect their users' privacy.

1. The European Commission's process of adopting an adequacy decision for the EU-US Data Privacy Framework (EU-US DPF) falls under the category of policy-and-legislation, as it involves making decisions that significantly impact privacy protections within the realm of digital privacy.
2. In the general-news, the Irish Supreme Court's removal of procedural hurdles for data breach claims and its clarity on damages in privacy claims highlights a strengthening of data protection enforcement frameworks, implying increased scrutiny for tech companies with substantial operations in Ireland, including Facebook and Google.

Read also: