Certain statements that Facebook gathers and uses personal data of its users for its own purposes had been popular for quite a while, but later were somewhat forgotten: will any one voluntarily say no to Facebook, and, frankly speaking, what is to be kept safe? But, as it turned out, there were those who did not forget this problem: an Austrian student Max Schrems filed a complaint against Facebook European Branch in Ireland on violation of European legislation related to personal data.
Among the grounds for filing the complaint was a revelation of Edward Snowden that Facebook is using information about its European users for intelligence purposes which would probably be illegal in EU.
In the process of defending its interests Facebook referred to so-called Safe Harbor – a process allowing free exchange of user data. The decision about Safe Harbor was upheld by the EU in 2000 for unification of the rules of data handling effective in different EU jurisdictions. Safe Harbor was needed for IT-companies not to waste their time and resources to customize their products for all possible countries where such products are applied. Today Safe Harbor is used by thousands of the EU and the USA companies engaged into data processing.
Data Protection Commissioner in Ireland agrees with arguments put forward by Facebook and dismissed Mr. Schrems’s complaint. However, the student did not back off. He gathered a team of ten like-minded men and appealed the commissioner’s actions to the Irish court. As a result the case was transferred for consideration to the European Court of Justice. On October 06, 2015 the European court upheld quite an unexpected resolution – it actually annulled decision on Safe Harbor and reenacted powers of the state authorities of all the EU members on control of personal data. Now to get information about German users Facebook will have to comply with requirements of German law and to get information about the British users it will have to comply with laws of Great Britain etc.
As result Facebook’s lawyers will have to handle couple of dozens of legislations of EU countries instead of working within one legal framework related to Safe Harbor. In addition EU regulatory bodies may advance a claim requesting storage of information about users within the boundaries of a certain state – a rule earlier introduced in the Russian Federation. It is clear that the decision is related not only to Facebook – all the companies keeping personal data in the USA are under threat now: for example, internal data about the employees, financial information etc. Their legal and administrative expenses will substantially grow now. More importantly, several countries which have less trust in the USA than others, may, for example, restrict transfer of data about their citizens to other foreign countries.