The Irish High Court on Thursday referred a case involving Facebook's data transfer practices and the manner in which they reflect on European Union citizens to the European Court of Justice, the political bloc's highest judicial body. The referral application will be officially filed with the ECJ by the end of the month, with the competent body being expected to decide whether to rule on it in the second half of the year. The case itself was started by an individual from Austria who sued the Menlo Park, California-based social media giant for storing data on EU nationals within the United States after whistleblower Edward Snowden revealed the extent of mass surveillance operations conducted by Washington in 2013.
The Irish court referred the case to the ECJ based on the fact that it doesn't have jurisdiction to rule on violations of the Privacy Shield agreement followed by the U.S. and EU. The legal framework that the plaintiff claims Facebook violated requires all American companies to adhere to EU privacy regulations in all applicable scenarios, including any cases of transferring such information to the U.S. The lawsuit alleges that Facebook failed to adequately protect that data and should hence be held accountable. Facebook is still considering whether to attempt blocking the referral, with its deadline for doing so being April 30, according to a company attorney.
The ECJ is traditionally reluctant to rule on digital privacy matters involving Facebook and often returns such litigation to its country of origin, having most recently done so this February. The social media company is presently exercising extreme caution when it comes to lobbying for the purpose of defending its existing user data collection and management practices due to the Cambridge Analytica scandal that illustrated how easily its platform can be surreptitiously misused with the goal of compromising individuals and groups. Earlier this week, Facebook opted to stop opposing a privacy bill in California that's still being lobbied against by the likes of Google, Comcast, Verizon, and AT&T. Recent controversies stemming from the 2014 ordeal whose extent was only revealed earlier this month following mid-March reports and a set of whistleblower-made accusations may lead to stricter data privacy regulations in the U.S., according to some industry watchers. The EU itself is set to start enforcing its General Data Protection Regulation late next month and compel data harvesters to change their practices in a significant matter, primarily in regards to how transparent they are when it comes to communicating them to users.