Ireland’s data protection watchdog says it will not investigate Apple and Facebook, whose have based their European headquarters in the country, for transferring personal data to a US spy agency because they have signed up to EU privacy principles.
The statement from the Irish Office of the Data Protection Commissioner (ODPC) comes days after the EU’s Justice Commissioner, Viviane Reding, said that the framework agreed more than a decade between the EU and the US may “not be so safe after all.”
The Irish Office of the Data Protection Commissioner (ODPC), had been challenged by an Austrian student activist group,europe-v-facebook, to investigate allegations that the US National Security Agency harvests emails and other private data from the companies in a mass electronic surveillance program known as Prism.
But in an email published by the student group, the ODPC said the companies were covered by ‘Safe Harbour’, a system that allows US firms to self-certify themselves as compliant with EU data protection law by signing up to a set of principles supposed to safeguard how personal data are used.
The EU adopted Safe Harbour in 2000, seven years before the NSA began the Prism program that was revealed by fugitive intelligence contractor Edward Snowden last month. But since then, successive EU reviews of the agreement have raised a number of concerns.
Following Snowden’s revelations Safe Harbour is now under scrutiny by not just the relevant Commissioner but others involved in data protection.
The data protection commissioner for the German state of Bremen called on July 24 for the European Commission to suspend the agreement indefinitely in light of the “excessive surveillance by foreign secret services”. Reding has promised to review the agreement and to push through new EU data protection rules.
Back in Ireland, the ODPC has a different view.
“We do not consider that there are grounds for an investigation under the Irish Data Protection Acts given that ‘Safe Harbour’ requirements have been met,” the ODPC wrote to europe-v-facebook.
An ODPC spokeswoman told news agency Reuters: “If something is agreed by the European Commission for the purpose of providing safeguards, that ticks a box under our jurisdiction.”
Max Schrems, the a 25-year-old student who founded europe-v-facebook, said: “We have the impression that the ODPC is trying to simply ignore the complaints and the whole Prism scandal.”
Schrems added that he is also awaiting responses to complaints he has filed against Yahoo in Germany and Microsoft and Skype in Luxembourg.
Snowden’s leaks about NSA eavesdropping methods have caused widespread outrage in Europe. They included revelations about extensive surveillance of EU delegations and member states’ embassies in the US.
Freedom-of-expression group Index on Censorship launched a petition together with five other campaign groups on July 25 calling on European heads of government to discuss the issue at their next summit in October.
Ireland has courted US business for decades using, among others, attractive tax rates and is home to the European headquarters of some of the biggest US technology companies including Microsoft and Google, which are also alleged to have cooperated with the Prism program.
The companies, which are restricted by law as to what they can disclose about their involvement, say they have not given direct access to their servers to any government agency, and have only provided user information in accordance with the law.