High Court, Schrems v Data Protection Commissioner [2014] IEHC 310

Document type
Court Decision
(1) The Data Protection Act 1988 as amended prohibits transfers of personal data outside the state unless adequate privacy protections are in place.  In 2000, the European Commission had decided that the USA ensured an adequate level of privacy protection for data.  A Safe Harbour framework had been put in place between Europe and the USA regarding transfers of personal data.
(2) In light of the Snowden revelations, Mr Schrems, an Austrian lawyer who runs the “Europe v Facebook” group, made a complaint to the Data Protection Commissioner arguing that the Commissioner should direct that transfers of personal data from Facebook Ireland to Facebook in the USA should cease.  Facebook Ireland is responsible for millions of Facebook users outside the USA and Canada.
(3) The Commissioner decided that the request was unsustainable in law.  Mr Schrems sought Judicial Review of the Commissioner’s decision.  
(4) In the High Court, Hogan J. said that much had changed since 2000, including for example the entry into force of the EU Charter of Fundamental Rights.  As a result, he referred questions of EU law to the Court of Justice of the EU (CJEU).  He also noted that mass and indiscriminate surveillance of communications as shown by the Snowden revelations would, as a matter of Irish law, be unconstitutional, but that Irish law on this matter had effectively been pre-empted by EU law.  
Topic, claim, or defense
Privacy or Data Protection
Document type
Court Decision
Issuing entity
Appellate Domestic Court
Type of service provider
Host (Including Social Networks)
Type of law