Europe questions U.S. data privacy protections once more
In the realm of data privacy, the Irish High Court has been a key player, particularly in cases involving European tech giants. However, as of late July 2025, there is no publicly available update indicating a recent, ongoing EU-US data privacy case before the Irish High Court centred on US privacy or surveillance policies.
Despite the Irish courts' active involvement in data privacy matters, such as the first action under Ireland’s Representative Actions Directive (RAD) in May 2025 related to data breaches, the current search results do not mention an ongoing or adjudicated EU-US data privacy case in the Irish High Court that focuses explicitly on US privacy protections and surveillance policies.
The European Union continues to enforce data privacy litigation against large tech companies, with ongoing appeals by the Information Commissioner's Office (ICO) in the UK and penalties against entities like Meta and Clearview AI. Yet, these primarily relate to GDPR enforcement within Europe or UK jurisdiction rather than EU-US international data transfer or surveillance issues.
The Irish Supreme Court has issued notable decisions relating to procedural requirements for data breach claims and non-material damages in privacy cases, but these concern EU data privacy law application generally and not transatlantic data transfer or surveillance. Moreover, no direct mention of a recent Irish High Court ruling on US surveillance policies impacting the legality of data transfers or privacy protections under the EU-US framework was found.
This lack of recent updates does not imply the absence of potential emerging litigation. If the current case is part of ongoing litigation, detailed updates may not yet be publicly reported or may appear after court decisions are rendered.
The EU-U.S. DPF, aimed at addressing the concerns raised by the European Court of Justice when it overturned the European Commission's adequacy decision underlying the Safe Harbor, continues to be a significant issue in the transatlantic data privacy landscape. If plaintiffs in the current Dublin case allege that the Standard Contractual Clauses (SCCs) are still inadequate and fail to sufficiently protect European users' privacy, it could add another layer to this ongoing saga.
Companies like Facebook, Messenger, Twitter, Pinterest, LinkedIn, WhatsApp, and email services may be affected by the new EU law, which, if passed, could make it more difficult for tech giants to handle Europeans' personal information. The case is part of a saga in European courts over whether Europeans' personal information is adequately protected when moved to the US by companies like Facebook and Google.
The US government's use of Section 702 of the Foreign Intelligence Surveillance Act to put foreigners under surveillance, as was the case with the NSA's mass surveillance program, PRISM, adds another dimension to this complex issue. The court has allowed the US government to join the case, potentially giving the new administration an opportunity to express its position on surveillance laws.
The draft legislation is expected to be presented to lawmakers and member states at the end of March, adding another layer of anticipation to this ongoing saga. As the situation develops, updates will be closely monitored to provide the public with the latest information on this critical issue of EU-US data privacy and surveillance.
- In spite of the Irish High Court's active involvement in data privacy disputes, it appears that no recent, publicly available case centered on US privacy or surveillance policies within the EU-US context has been adjudicated by the court.
- The ongoing debate regarding the adequacy of privacy protections in EU-US data transfers persists, with potential litigation still unfolding, such as the Dublin case challenging the Standard Contractual Clauses (SCCs) for inadequately protecting European users' privacy.
