A landmark case with regard to European data protection laws has come before the Irish courts with questions being raised over the validity of Standard Contractual Clauses (SCCs), which are routinely used to facilitate the transfer of personal data from Europe to rest of the world.
The case has stemmed from the invalidation by the Court of Justice of the European Union (CJEU) of the Safe Harbor Agreement in the Schrems case last year (read more here). This agreement had been in place between the European Union and the United States for 15 years before being struck down. Since the invalidation of Safe Harbor, companies have been relying almost exclusively on SCCs as a method of ensuring that any transfer of data to the US complies with EU privacy and data protection laws.
The Data Protection Commissioner has stated that claims that personal privacy rights of EU citizens are being breached are "well founded" and is seeking a referral to the CJEU, as a decision on the validity of the SCCs cannot be made by a national court. If the question is referred by the Commercial Court, the CJEU will be asked to make a decision on whether the transfer of data to the US could mean that it can be processed and assessed in a manner that is inconsistent with the Charter of Fundamental Rights of the EU.
Given the huge ramifications of the case, a large number of organisations have applied to intervene to join the case as amicus curiae. These include the United States Government, leading Irish and international business groups including BSA | The Software Alliance and the Irish Business and Employers Confederation (Ibec) as well a range of civil liberties organisations including the Electronic Frontier Foundation.
Businesses across the EU will be keeping a close eye on the progression of the case as the invalidation of SCCs would place widely-used universal data transfer mechanisms in further doubt.
